BreachExchange mailing list archives
DiBella's finally notifies customers of cyberattack that happened more than a year ago
From: Destry Winant <destry () riskbasedsecurity com>
Date: Wed, 27 Nov 2019 07:55:43 -0600
https://www.wfsb.com/news/dibella-s-finally-notifies-customers-of-cyberattack-that-happened-more/article_ed164bba-106d-11ea-ab5c-0fe6251cacd3.html (WFSB) - A sandwich shop with several Connecticut locations warned customers that their financial information may have been at risk more than a year after a cyber attack. DiBella's Subs issued a statement on its website in which it said customers who visited stores in Connecticut, Indiana, Michigan, Ohio, New York and Pennsylvania may be affected. The information stolen may have included names, payment card numbers, expiration dates and CVV numbers. "The incident involved possible unauthorized access to payment card information," the franchise wrote on its website. "However, because of the sophistication and complexity of the attack, the company is not able to identify which cards or cardholders may have been impacted." The breach happened on Aug. 27, 2018, the FBI notified DiBella's. According to the FBI, a cybercrime syndicate called "FIN7" was behind the attacks and had worked to potentially gain access to payment card data on store information systems. "Since then, we have fully cooperated with the FBI and U.S. Secret Service and the payment card brands to properly assess the scope of the incident and take steps to mitigate any potential harm," DiBella's said. Customers who visited stores between March 22, 2018 and Dec. 28, 2018 could be at risk. As many as 305,000 cards could be impacted, DiBella's announced. DiBella's also commented as to why it waited so long to notify customers. "The company has cooperated with law enforcement since the initial notice of a potential incident," it said. "As we have been advised by law enforcement that any such disclosure would not compromise any ongoing investigations, we are providing this notice. The company has not received any customer complaints or reports of misuse of their personal information before or after first notification of the potential incident. As with so many aspects of this incident, we apologize for any inconvenience or concern this incident may have caused." DiBella's has four Connecticut locations, including Hamden, Milford, Newington and Wallingford. More information about the incident is available to customers who call 866-807-7469. It can also be found on DiBella's website here. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- DiBella's finally notifies customers of cyberattack that happened more than a year ago Destry Winant (Nov 27)