Point-of-sale vendor NEXTEP SYSTEMS confirmed it was notified by law enforcement that the security of some of its systems at customer locations may have been compromised.
“NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue,” Tommy Woycik, president of NEXTEP SYSTEMS, said in an emailed statement. “We do know that this is not affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed. This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working to ensure a complete resolution.”
Security blogger Brian Krebs reported that sources in the financial industry observed a pattern of fraud activity involving payment cards used at Zoup!, a restaurant franchise with locations around the country. Zoup! referred Krebs to NEXTEP SYSTEMS, with Zoup! CEO Eric Ersher reportedly stating that NEXTEP SYSTEMS had recently been notified of a problem with its PoS devices.
If the breach is at NEXTEP SYSTEMS, it will not be the first point-of-sale (PoS) vendor to have been targeted by hackers. Last year, Charge Anywhere disclosed it was impacted by an attack that may have compromised data going back as far as 2009. In other case, PoS vendor Signature Systems acknowledged it had been victimized by an attacker who gained access to a username and password the company used to access PoS systems remotely.
“Many traits of the typical restaurant chain’s payment ecosystem are inherently vulnerable to data breaches,” said George Rice, senior director of payments at HP Security Voltage. “Frequently, restaurant franchisees are often given the flexibility of managing their own POS systems, which makes brand-wide payment security a big challenge.”
In an unrelated breach, health food chain Natural Grocers confirmed last week that payment card data was indeed compromised in an attack. However, the company stressed there is no evidence any PIN information or card security code numbers were compromised. In addition the company said it is in the process of upgrading PoS systems at all 93 of its stores.
More from Brian Prince
- U.S. Healthcare Companies Hardest Hit by ‘Stegoloader’ Malware
- CryptoWall Ransomware Cost Victims More Than $18 Million Since April 2014: FBI
- New Adobe Flash Player Flaw Shares Similarities With Previous Vulnerability: Trend Micro
- Visibility Challenges Industrial Control System Security: Survey
- Adobe Flash Player Zero-Day Exploited in Attack Campaign
- Researchers Demonstrate Stealing Encryption Keys Via Radio
- Researchers Uncover Critical RubyGems Vulnerabilities
- NSA, GCHQ Linked to Efforts to Compromise Antivirus Vendors: Report
Latest News
- OpenSSL Ships Patch for High-Severity Flaws
- Software Supply Chain Security Firm Lineaje Raises $7 Million
- ICS Cybersecurity Firm Opscura Launches With $9.4 Million in Series A Funding
- Vulnerability Provided Access to Toyota Supplier Management Network
- Patch Released for Actively Exploited GoAnywhere MFT Zero-Day
- Linux Variant of Cl0p Ransomware Emerges
- VMware Says No Evidence of Zero-Day Exploitation in ESXiArgs Ransomware Attacks
- Comcast Wants a Slice of the Enterprise Cybersecurity Business
