Pacific Northwest burger chain hit by FIN7

Northwest U.S. fast food chain Burgerville revealed that its customers' credit and debit card information was stolen by the international cybercrime group known as FIN7.
Burgerville has locations in Oregon and Washington (Flickr user <a href="">Adam Dachis</a>)

Fast-food chain Burgerville revealed Wednesday that its customers’ credit and debit card information was stolen by the international cybercrime group known as FIN7.

The company, which has over 40 locations in Oregon and Washington, said customers that used a credit card at any of its locations between September 2017 and September 2018 should consider their cards compromised.

Burgerville says the information taken includes names, card numbers, expiration dates and CVV numbers.

“We realize that this intrusion was not only on Burgerville’s system, but also on your life,” Burgerville interim CEO Jill Taylor wrote in a letter to customers. “This isn’t what you expected to happen when you came to visit one of our locations.”


The company learned of the intrusion in August when the FBI reached out after it announced the arrest of three men tied to FIN7. In the indictment, the Department of Justice named a number of businesses based in  Washington, but had not revealed that Burgerville was among those affected.

The company further learned in September that the malware responsible for stealing credit card information was still active on its systems. The company it has since been removed with the help of a private cybersecurity firm.

FIN7 has long targeted restaurant systems, along with other retail and hospitality companies.

Three men from Ukraine — Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kopakov, 30 — were labeled as the alleged masterminds of FIN7 after their arrests were announced in August. They were charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts