[BreachExchange] DiBella's finally notifies customers of cyberattack that happened more than a year ago

Destry Winant destry at riskbasedsecurity.com
Wed Nov 27 08:55:43 EST 2019


https://www.wfsb.com/news/dibella-s-finally-notifies-customers-of-cyberattack-that-happened-more/article_ed164bba-106d-11ea-ab5c-0fe6251cacd3.html

(WFSB) - A sandwich shop with several Connecticut locations warned
customers that their financial information may have been at risk more
than a year after a cyber attack.

DiBella's Subs issued a statement on its website in which it said
customers who visited stores in Connecticut, Indiana, Michigan, Ohio,
New York and Pennsylvania may be affected.

The information stolen may have included names, payment card numbers,
expiration dates and CVV numbers.

"The incident involved possible unauthorized access to payment card
information," the franchise wrote on its website. "However, because of
the sophistication and complexity of the attack, the company is not
able to identify which cards or cardholders may have been impacted."

The breach happened on Aug. 27, 2018, the FBI notified DiBella's.

According to the FBI, a cybercrime syndicate called "FIN7" was behind
the attacks and had worked to potentially gain access to payment card
data on store information systems.

"Since then, we have fully cooperated with the FBI and U.S. Secret
Service and the payment card brands to properly assess the scope of
the incident and take steps to mitigate any potential harm," DiBella's
said.

Customers who visited stores between March 22, 2018 and Dec. 28, 2018
could be at risk.

As many as 305,000 cards could be impacted, DiBella's announced.

DiBella's also commented as to why it waited so long to notify customers.

"The company has cooperated with law enforcement since the initial
notice of a potential incident," it said. "As we have been advised by
law enforcement that any such disclosure would not compromise any
ongoing investigations, we are providing this notice. The company has
not received any customer complaints or reports of misuse of their
personal information before or after first notification of the
potential incident. As with so many aspects of this incident, we
apologize for any inconvenience or concern this incident may have
caused."

DiBella's has four Connecticut locations, including Hamden, Milford,
Newington and Wallingford.

More information about the incident is available to customers who call
866-807-7469.

It can also be found on DiBella's website here.


More information about the BreachExchange mailing list