Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

PoS Vendor NEXTEP SYSTEMS Investigates Data Breach Report

Point-of-sale vendor NEXTEP SYSTEMS confirmed it was notified by law enforcement that the security of some of its systems at customer locations may have been compromised.

Point-of-sale vendor NEXTEP SYSTEMS confirmed it was notified by law enforcement that the security of some of its systems at customer locations may have been compromised.

“NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue,” Tommy Woycik, president of NEXTEP SYSTEMS, said in an emailed statement. “We do know that this is not affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed. This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working to ensure a complete resolution.”

Security blogger Brian Krebs reported that sources in the financial industry observed a pattern of fraud activity involving payment cards used at Zoup!, a restaurant franchise with locations around the country. Zoup! referred Krebs to NEXTEP SYSTEMS, with Zoup! CEO Eric Ersher reportedly stating that NEXTEP SYSTEMS had recently been notified of a problem with its PoS devices.

If the breach is at NEXTEP SYSTEMS, it will not be the first point-of-sale (PoS) vendor to have been targeted by hackers. Last year, Charge Anywhere disclosed it was impacted by an attack that may have compromised data going back as far as 2009. In other case, PoS vendor Signature Systems acknowledged it had been victimized by an attacker who gained access to a username and password the company used to access PoS systems remotely.

“Many traits of the typical restaurant chain’s payment ecosystem are inherently vulnerable to data breaches,” said George Rice, senior director of payments at HP Security Voltage. “Frequently, restaurant franchisees are often given the flexibility of managing their own POS systems, which makes brand-wide payment security a big challenge.”

In an unrelated breach, health food chain Natural Grocers confirmed last week that payment card data was indeed compromised in an attack. However, the company stressed there is no evidence any PIN information or card security code numbers were compromised. In addition the company said it is in the process of upgrading PoS systems at all 93 of its stores.

 

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack