Cyber Incident Victim: Village Pizza & Pub
Date:
Apr 2015
Location:
United States of America
Summary
A cybersecurity incident involving a point-of-sale system provider compromised transaction data at a restaurant chain, potentially exposing cardholder names, numbers, expiration dates, and verification codes stored on magnetic stripes. The breach stemmed from malware deployed by an unauthorized actor targeting the provider’s systems, prompting a forensic investigation and law enforcement involvement. While investigators could not confirm data exfiltration, the restaurant notified customers and established a dedicated call center for inquiries. The provider resolved the vulnerability and implemented enhanced security measures, assuring customers of restored payment safety at affected locations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 27, 2015, Village Pizza & Pub became aware of a data security breach involving its point-of-sale payment card processing provider, TransformPOS. The breach occurred when an unauthorized individual deployed malware to intercept transaction data as it passed through TransformPOS’s systems. Village Pizza’s payment card information was compromised during this incident, specifically affecting customers who used debit or credit cards at either the Carpentersville or Elgin locations between April 23, 2015, and August 2, 2015. TransformPOS retained an external forensic investigation firm to examine the breach, though investigators could not conclusively determine whether unauthorized access or acquisition of cardholder data had occurred at Village Pizza. The malware potentially captured data stored on cards’ magnetic stripes, including cardholder names, card numbers, expiration dates, and verification codes. Law enforcement was notified, and efforts to identify and apprehend the responsible parties were underway. Village Pizza opted to notify customers promptly despite the lack of forensic confirmation, emphasizing transparency about the potential risk.
Village Pizza established a dedicated call center operational from 7 a.m. to 4 p.m. Central Time (1-844-261-9738) to address customer inquiries and provide guidance. Customers were advised to monitor their account statements for unauthorized transactions and to contact their card-issuing banks immediately if fraud was suspected. TransformPOS assured Village Pizza that the vulnerability enabling the breach had been identified and resolved, with enhanced security measures implemented to prevent recurrence. Marcie Sarillo, the local owner, publicly stated that customers could resume using payment cards at both restaurant locations with confidence. The company expressed regret for any inconvenience caused and reiterated credit card companies’ policies limiting cardholder liability for fraudulent charges. No further operational disruptions or additional compromises were reported following the containment of the incident.