If you ate at Burgerville last month, you might end up paying for much more than a burger and shake.
According to a statement today from the fast food chain, a "sophisticated cyberattack" on Burgerville's network was detected by the Federal Bureau of Investigation in late August. The company says it immediately began working with law enforcement to contain the breach, and is just now informing customers "in an abundance of caution." It does not know how many people might have been affected.
"On September 19, 2018, as part of its forensics investigation, Burgerville discovered that the breach, which was initially thought to be a brief intrusion, was still active," today's statement reads. "The group of hackers had placed malware on Burgerville's network to collect data on an ongoing basis."
It continues: "Over the course of the investigation, it was determined that some of Burgerville's customers' credit and debit card information, including names, card numbers, expiration dates, and the CVV numbers found on the back of most cards may have been compromised."
A representative for Burgerville declined to comment on why the chain did not immediately issue a warning to customers about the breach—which is believed to have been organized by the international cybercrime group Fin7.
Fin7, the FBI assumes, is connected with attacks on over 100 companies in 47 states. The U.S. Department of Justice calls the group a "sophisticated criminal enterprise."
"Unfortunately, these types of breaches are all too common today and they are taking a toll on people's ability to feel safe and to trust one another," Jill Taylor, interim CEO of Burgerville said in a statement.
Today, the chain is advising anyone who ate at Burgerville in September to check their bank statements and credit reports for unauthorized activity and to consider freezing their credit.
The breech comes in the midst of a fraught year for Burgerville. A nascent union is continuing its eighth-month long call for customers to boycott the chain.