Cyber Incident Victim: TransformPOS
Date:
Apr 2015
Location:
United States of America
Summary
A restaurant chain experienced a payment card data breach via malware compromising its third-party POS provider, TransformPOS. Unauthorized access occurred during transaction processing, potentially exposing cardholder names, numbers, expiration dates, and verification codes over several months. Forensic investigators could not confirm data exfiltration, but the breach prompted customer notifications and fraud monitoring advisories. The provider addressed the vulnerability, enhanced security measures, and involved law enforcement, while the restaurant established a dedicated support line for affected individuals.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 27, 2015, Village Pizza & Pub, operating locations in Carpentersville and Elgin, Illinois, was informed by its point-of-sale payment card processor TransformPOS that a security incident had compromised its transaction system. An unauthorized individual deployed malware to access Village Pizza’s payment card data during transmission through TransformPOS infrastructure. The breach period spanned April 23, 2015, to August 2, 2015, exposing magnetic stripe data from cards used at both restaurant locations. Compromised information included cardholder names, card numbers, expiration dates, and verification codes. TransformPOS engaged an external forensic firm to investigate but could not conclusively determine whether cardholder data was exfiltrated from Village Pizza’s systems. Law enforcement agencies were notified to pursue the perpetrators. Village Pizza proactively notified affected customers despite the lack of forensic confirmation, urging them to scrutinize account statements for unauthorized transactions during the exposure window and to report fraud to issuing banks immediately, citing credit card companies’ zero-liability policies.
Village Pizza established a dedicated call center (1-844-261-9738) operational from 7am to 4pm Central Time for customer inquiries, emphasizing transparency despite TransformPOS’s assurance that the malware vulnerability had been remediated and enhanced security measures implemented. Owner Marcie Sarillo publicly affirmed restored payment system integrity, stating customers could confidently use cards at both locations. The breach notification highlighted the specific data elements at risk but did not disclose the number of affected individuals or detailed forensic findings regarding attacker methodologies beyond malware deployment. No ransomware involvement, data extortion attempts, or post-incident customer fraud reports were cited in the disclosure. TransformPOS retained responsibility for incident resolution while Village Pizza focused on customer communication and fraud monitoring guidance without offering credit monitoring services.