The UW-Madison Police Department has begun an investigation into a string of identity thefts, which compromised the credit card information of UW staff members and other customers at local businesses.
UWPD spokesperson Marc Lovicott explained the department’s involvement in the investigation Tuesday, saying the breach affected employees working at 333 East Campus Mall.
“Because there were a handful of UW employees involved, we decided to launch an investigation to find out what has been going on and to see how the information was stolen,” Lovicott said.
Police do not know exactly what businesses were involved, though CoffeeBytes owner John Wilson acknowledged his shop suffered a data breach in mid-August.
“We immediately called our credit card processor,” Wilson said, whose own card information was also stolen.
The hackers installed malware on the shop’s computers to extract customers’ credit card numbers, Wilson said.
The software company TransForm, which provides sales software for CoffeeBytes, is currently investigating the incident independently of UWPD. TransForm also noticed other area businesses had similar virus attacks.
Jeff Maurer, owner of Fresh Madison Market located down the block from CoffeeBytes, declined to comment when asked if any customer credit card information was compromised recently.
UW Credit Union initially told Wilson 12 cards had been compromised at CoffeeBytes, though more customers have since contacted him directly with complaints.
“There are maybe 20 or so cards at this point,” Wilson said, noting the scale of the breach makes it difficult to know how many people were affected and how much money the hackers charged on the cards.
Wilson said he has upgraded CoffeeBytes’ security software to the recommended level, making the computer system safe to use now.
“We take all security seriously at the shop and have been completely compliant,” Wilson said. “We extend our apologies to any of our customers.”
