Hackers stole the personal information of more than 30,000 customers, including account passwords, credit card information, phone numbers, emails, birth dates, and bank account numbers.
The thieves also accessed data about the Wild Wings business, including payment records, sales figures, and restaurant openings.
The breach also included the names and addresses of more 30,200 people who were also members of the public.
According to the FBI, hackers stole credit card and debit card numbers from the account holders who used the app to pay for food and drinks.
“We know that criminals are increasingly targeting consumer credit cards, debit cards, and other electronic payment cards for financial gain, and this attack is just one more example of that,” FBI Assistant Director-in-Charge Kevin S. Ryan said in a statement.
“Hackers have targeted our nation’s financial institutions and their payment systems to extort millions of dollars from consumers and businesses, and we are determined to hold these criminals accountable.”
The hackers accessed data from the Wild Wing app on more than 70 devices, including iPhones, Android phones, and tablets.
The attackers reportedly accessed the data by using the Safari browser extension that has been used to make the Wild WINGS app available to people worldwide.
The attack was reported by the New York Times and the Wall Street Journal, as well as the Associated Press, ABC News, and the Washington Post.
The FBI said the hackers also gained access to the WildWings mobile banking app.
The AP reported that a total of 20,000 of the 30,201 affected accounts had access to Wild Wings.
“We do not yet know how the attackers accessed the Wild’s personal information,” Ryan said.
“However, we believe that the thieves are using the Wild to collect payments.
WildWINGS is a great example of how the banking industry needs to protect itself from hackers.
We cannot afford to let criminals exploit our systems for personal gain.”
The New York City Police Department confirmed that the stolen information had been sent to law enforcement agencies.