Here we go….?
On Sept. 1, this blog noted a breach involving a TransformPOS client in Illinois. The client, Village Pizza & Pub, says they learned of the breach on July 27th.
Now there may be other, possibly related breach reports in Wisconsin. Negassi Tesfamichael of The Daily Cardinal (a U. Wisconsin-Madison student publication) reports:
The UW-Madison Police Department has begun an investigation into a string of identity thefts, which compromised the credit card information of UW staff members and other customers at local businesses.
[…]
Police do not know exactly what businesses were involved, though CoffeeBytes owner John Wilson acknowledged his shop suffered a data breach in mid-August.
“We immediately called our credit card processor,” Wilson said, whose own card information was also stolen.
[…]
The software company TransForm, which provides sales software for CoffeeBytes, is currently investigating the incident independently of UWPD. TransForm also noticed other area businesses had similar virus attacks. (emphasis added by DataBreaches.net)
So is this all from a breach at Transform? It sounds like it could be, but the firm has not responded to an inquiry sent earlier today by DataBreaches.net. If they respond, I will update this post with their response.
Update of Sept. 14: Transform did not respond to my inquiry, but I received confirmation today from another one of their clients, Benvenutos, that their customers also reported fraudulent use of their payment card information. Benvenutos tells DataBreaches.net that “We have taken every measure to protect our guests going forward.”
So how many clients and how many of their customers were impacted by what now appears to be a breach involving TransformPOS? And when did TransformPOS reach out and notify its clients?