Credential theft

Subway Restaurants POS Malware Breach — 3 Million Cards (Romanian Gang)

📅 2011-01-01 🦠 POS keylogger/scraping malware
Primary Source ↗

Incident Details

A Romanian cybercrime group compromised point-of-sale systems at approximately 150 Subway franchise restaurants across the United States, stealing over 80,000 payment card numbers — though some reports cite figures as high as 3 million cards when aggregating the full scope of the operation. The group, led by Iulian Dolan and including co-conspirators Cezar Butu and Adrian Tiberiu Oprea, gained access to Subway franchise POS systems by exploiting weak RDP (Remote Desktop Protocol) credentials that allowed direct remote access to Windows-based POS computers. Once inside, they installed keystroke loggers and memory-scraping malware to harvest payment card data. The operation targeted not just Subway but also approximately 80 other restaurant and retail chains. In 2012, the conspirators were indicted in U.S. federal court; Dolan and Oprea were sentenced to seven and four years in federal prison respectively in 2013. The case was significant for exposing the widespread use of default or weak RDP credentials on franchise POS systems — a vector attackers could exploit at scale by scanning the internet for exposed RDP ports. The case contributed to PCI DSS guidance emphasizing the prohibition of default system passwords and the importance of network segmentation for POS systems.

Technical Details

Initial Attack Vector
Remote Desktop Protocol (RDP) intrusion — a Romanian criminal group remotely accessed franchise-owned Subway POS systems using weak or default RDP credentials; many Subway franchise locations ran their POS software on Windows computers with RDP enabled and inadequate passwords
Malware Family
POS keylogger/scraping malware

Timeline

  1. 2011-01-01 Breach occurred
  2. 2012-02-08 Publicly disclosed
  3. 2012-02-08 Customers notified