Cyber Incident Victim: Bowlmor AMF

Bowlmor AMF, identified as the world's largest bowling center operator, disclosed a potential payment card data breach on a Friday in January 2017. The incident impacted 21 of the company's 300+ U.S. locations across 12 states, with confirmed malware presence on point-of-sale systems between February 4 and March 19, 2017. The malicious software specifically targeted payment card information processed through affected computers during this seven-week period. Security personnel discovered the data-snatching malware during routine system monitoring, though the exact intrusion method remained unspecified in public disclosures. No evidence suggested broader corporate network compromise beyond the 21 identified bowling centers. The company initiated forensic investigations upon detection to assess data exposure scope and malware functionality.

Three affected Virginia locations included AMF Sunset Lanes in Henrico County's West Broad Street, AMF Dale City Lanes in Woodbridge, and AMF Hilltop Lanes in Roanoke. Bowlmor AMF's public notification occurred approximately ten months after the malware's earliest known activation date, though the disclosure timeline relative to internal discovery remained unclear. The breach window indicated continuous malware operation across multiple weekends and holiday periods when bowling centers typically experience high transaction volumes. Forensic analysis confirmed the malware's design focused on capturing payment card details during processing, but the company did not specify whether customer names, PINs, or other personal identifiers were compromised. No quantitative estimates of affected customers or fraudulent activity traces were included in the initial breach notification.