NEXTEP, the point-of-sale (PoS) provider for numerous restaurants and cafeterias – including popular soup eatery Zoup – is reportedly up to the knees in bisque following the compromise of its systems, reports Brian Krebs.
Law enforcement notified NEXTEP that some of its customer locations had been compromised in a potentially wide-ranging credit card breach following “reports by sources in the financial industry who spotted a pattern of fraud on credit cards”, all of which had recently been used at branches of Zoup.
NEXTEP president Tommy Woycik informed Mr Krebs that:
“NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts we retained to determine the root cause and remediate the issue. We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed. This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.”
NEXTEP is not the first point-of-sale provider to be hacked, nor, sadly, will it be the last. Last year, Signature Systems admitted responsibility for the breach that affected 216 Jimmy John’s branches, and the massive breach that hit Staples was also the result of a point-of-sale malware attack.
All organizations that store, transmit or process payment cardholder data must comply with the Payment Card Industry Data Security Standard (PCI DSS).
For further information on the PCI DSS, read PCI DSS: A Pocket Guide. Co-written by a PCI QSA (Qualified Security Assessor) and updated to cover PCI DSS version 3.0, this handy pocket guide provides all the information you need to consider as you approach the PCI DSS. It is also an ideal training resource for anyone in your organization who deals with payment card processing. Only $14.95.