Three new breaches have been reported in the past week showing that payment card data theft is still an ever-present threat.

 

Mandarin Hotel Group have confirmed that its hotels have been subject to a payment card breach. The breach has been perpetrated using card-data stealing malware on POS systems used at hotels in both Europe and the US and is likely to have been in operation since December 2014. Krebs On Security has been investigating the breach and published details last week.

The breach has parallels to the Marriot hotels breach reported in January but there is no indication whether the same gang is behind both breaches. Backoff malware was also rampant during 2014 and was responsible for card data breaches at Dairy Queen among many others.

 

BulkReefSupply.com has issued an apology in a statement regarding a ‘criminal attack’ on its website. The breach was effective throughout August 2014 until January 21 2015 and data stolen includes name, address, telephone number, email address/user name, password and credit card information of some customers. BRS provide saltwater aquarium supplies and with revenues of $16.1M reported for 2013, the impact of the customer data theft could be substantial. No further information has been provided about the nature of the breach but the most likely explanation is that malware was introduced to the eCommerce website to allow customer data to be stolen in a similar way to the Big Fish Games website breach reported last month.

 

NEXTEP Systems provide POS systems to restaurants, corporate cafeterias, casinos, airports and other food service venues. One of their customers – Zoup, with 75 restaurants – was recently identified as being the likely origin of a sequence of fraudulent card transactions.

Further information has now emerged that the breach may in fact be centered on NEXTEP Systems: NEXTEP Systems runs the POS systems on behalf of Zoup and other customers who may also have been compromised. KrebsOnSecurity.com reports that this is not a unique scenario with at least two other POS Vendors – Signature Systems and Advanced Restaurant Management Applications - responsible for breaches affecting hundreds of independent restaurants.

The root-cause for the Target Breach in 2013 was a compromised 3rd Party with access to Target Store systems but whether this was the attack vector used or not the conclusion still is that breach detection is a critical security best practice.

Learn about PCI DSS Compliance

Read the full report on the Mandarin Hotel Group breach here

Read the full report on the BulkReefSupply.com breach here

Read the full report on the NEXTEP Systems POS breach here

 

The Most Powerful & Reliable Cybersecurity Products

change tracker gen7r2 logo

Change Tracker Gen 7R2: Complete configuration and system integrity assurance combined with the most comprehensive and intelligent change control solution available.

FAST Cloud logo

Fast Cloud: Leverage the world’s largest whitelist repository to automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology)

vulnerability tracker logo

Vulnerability Tracker: The world’s only limitless and unrestricted vulnerability scanning solution with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

log tracker logo

Log Tracker: Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds

Contact Us

Corporate Headquarters

Netwrix
6160 Warren Parkway, Suite 100
Frisco, Texas, 75034

Phone 1: 1-949-407-5125

Phone 2: 888-638-9749 (toll-free)


[email protected]
 

United Kingdom

Netwrix
5 New Street Square
London EC4A 3TW

Phone: +44 (0) 203 588 3023


 [email protected]
SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2024, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.