Chipotle, Arby's Involved in $1 Billion Hacking Scheme

A hacking group caused more than $1 billion in damages after stealing customers’ financial information from some of the biggest chains in the country, like Chipotle, Chili’s, Arby’s, Red Robin, and Jason’s Deli.

At Chipotle, the action occurred in 2017, according to the company.

Known as FIN7, the hackers breached computer networks in all 50 states and Washington, D.C. and stole more than 20 million debit and credit card records from more than 6,500 POS terminals at more than 3,600 locations. Intrusions also occurred in the U.K., Australia, and France.

Since at least 2015, FIN7—also known as Carbanak Group and the Navigator Group—used a malware campaign to attack U.S. companies in the restaurant, gambling, and hospitality industries. The group crafted email messages that appeared genuine to employees and accompanied those messages with phone calls to further legitimize the email. Once a file attached to the fraudulent email was opened and activated, FIN7 used its malware to steal payment card data from the business’ customers. Many of the stolen numbers have been up for sales through online underground marketplaces.

Three members of FIN7 have been charged in the U.S. thus far. Denys Iarmak was sentenced to five years on Wednesday in the U.S. Attorney’s Office’s Western District of Washington. In April 2021, Fedir Hladyr was sentenced to 10 years and in June 2021 Andrii Kolpakov was given seven years.

“Iarmak and his conspirators compromised millions of financial accounts, causing over a billion dollars in losses to Americans and costs to America’s economy,” Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division said in a statement. “Protecting businesses—both large and small—online is a top priority for the Department of Justice. We are committed to working with our international partners to hold such cyber criminals accountable, no matter where they live or how anonymous they think they are.”

The crimes were investigated by the FBI’s Seattle Cyber Task Force. Other organizations providing assistance include, the Justice Department’s Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, and FBI offices across the nation and world.

Multiple restaurant chains have been involved in major cyberattacks within the past year.

In June 2021, McDonald’s revealed hackers stole contact information of U.S. employees and franchisees and other details like seating capacity and square footage of restaurants. In South Korea and Taiwan, the group captured emails, phone numbers, and addresses of delivery customers. Nearly six months later, California Pizza Kitchen reported the names and Social Security numbers of nearly 104,000 current and former employees had been exposed.

MOD Pizza to Begin Using Bikky’s Customer Analytics Solutions

Bikky, a customer data platform built exclusively for multi-unit restaurants, announced a partnership with MOD Pizza, the purpose-led, people-first, fast casual pizza pioneer. By leveraging Bikky’s customer analytics capabilities across its entire portfolio of over 500 locations, MOD is deepening its knowledge of what marketing and menu decisions resonate with customers and as a result, increase […]

ItsaCheckmate Unveils Kiosk Solution

ItsaCheckmate, a leading restaurant ordering solutions provider, unveiled its new Kiosk solution, engineered to enhance the visual and operational standards of kiosks in the restaurant industry. This release marks a significant step forward, addressing common user experience and branding limitations found in other offerings. Many of the market’s existing kiosk solutions force brands to compromise on […]

Sparkfly Forges Partnership with Olo

Sparkfly, an award-winning retail technology solutions company, has forged a strategic partnership with Olo, a leading restaurant technology provider, to create the next-generation intelligent guest engagement ecosystem. With tens of thousands of restaurant locations already supported by Sparkfly and Olo collectively, there are significant expansion opportunities supporting growth and innovation for enterprise restaurant brands. The […]

Steak ‘n Shake Locations Add Biometric Check-in and Checkout

PopID and Steak n Shake announced that all Steak n Shake locations in the United States now accept PopID Check In (to review favorite orders and loyalty points) and PopPay for checkout. With more than 300 locations, Steak n Shake is the first national restaurant brand in the United States to adopt biometric check-in and […]

Wayback Burgers Unveils New Rewards Program

Wayback Burgers, America’s favorite hometown burger joint and one of the nation’s fastest growing burger franchises, unveiled Wayback Rewards, its new and improved rewards program for guests. Highlighted by a new “secret menu” which will put fun, limited time menu items at members’ fingertips, members can access the new Wayback Rewards program wherever they order, whether via the app, online, […]

Black Rock Coffee Bar Implements Revel’s POS Systems

Revel Systems, an open cloud order management platform for restaurant and retail brands, announced that Black Rock Coffee Bar has successfully implemented Revel at more than 130 locations, with plans to rapidly expand nationwide. Preferring a best-of-breed approach to its technology stack, Black Rock took advantage of Revel’s existing integrations with leading solutions for loyalty, […]

You might also like...

Also in Operations

Get daily updates on quick-serve industry news, tips, and events.