Hackers hit pizza chain through POS vendor

Elgin, Ill. – The latest retail breach to become public knowledge targeted a small chain, but involved a third-party vendor.



Village Pizza & Pub, a two-store local pizza chain headquartered in Elgin, Illinois, was notified on July 27 of a security breach by TransformPOS, the company that provides its POS payment card processing system.



An unauthorized person used malware to gain access to Village Pizza's transaction information as it was being routed through the TransformPOS system. While Transform POS' investigators were not able to forensically assess whether unauthorized access or acquisition of cardholder data actually took place at Village Pizza, the retailer is asking customers who used a debit or credit card between April 23 and Aug. 2, 2015 to check for unauthorized activity.



TransformPOS has retained an outside forensic investigation firm to conduct an investigation, and law enforcement has been notified.



The information that may have been obtained from the card is the information in the magnetic stripe on the back of the card, which includes the cardholder name, card number, expiration date, and verification code. Village Pizza has established a dedicated call center for customers to get more information.



"TransformPOS has assured us that the cause of the incident has been identified and resolved, that enhanced security measures have been implemented, and that customers can feel confident in using their card at both our locations," said local owner Marcie Sarillo. "We deeply regret any inconvenience this may cause our customers.”



It is unknown if any other TransformPOS retail or food service clients may have been affected by the intrusion. The only other client publicly listed on the TransformPOS site is Candlelight Inn Restaurants, which operates three locations in Illinois and Iowa.