Three new breaches have been reported in the past week showing that payment card data theft is still an ever-present threat.


Mandarin Hotel Group have confirmed that its hotels have been subject to a payment card breach. The breach has been perpetrated using card-data stealing malware on POS systems used at hotels in both Europe and the US and is likely to have been in operation since December 2014. Krebs On Security has been investigating the breach and published details last week.

The breach has parallels to the Marriot hotels breach reported in January but there is no indication whether the same gang is behind both breaches. Backoff malware was also rampant during 2014 and was responsible for card data breaches at Dairy Queen among many others. has issued an apology in a statement regarding a ‘criminal attack’ on its website. The breach was effective throughout August 2014 until January 21 2015 and data stolen includes name, address, telephone number, email address/user name, password and credit card information of some customers. BRS provide saltwater aquarium supplies and with revenues of $16.1M reported for 2013, the impact of the customer data theft could be substantial. No further information has been provided about the nature of the breach but the most likely explanation is that malware was introduced to the eCommerce website to allow customer data to be stolen in a similar way to the Big Fish Games website breach reported last month.


NEXTEP Systems provide POS systems to restaurants, corporate cafeterias, casinos, airports and other food service venues. One of their customers – Zoup, with 75 restaurants – was recently identified as being the likely origin of a sequence of fraudulent card transactions.

Further information has now emerged that the breach may in fact be centered on NEXTEP Systems: NEXTEP Systems runs the POS systems on behalf of Zoup and other customers who may also have been compromised. reports that this is not a unique scenario with at least two other POS Vendors – Signature Systems and Advanced Restaurant Management Applications - responsible for breaches affecting hundreds of independent restaurants.

The root-cause for the Target Breach in 2013 was a compromised 3rd Party with access to Target Store systems but whether this was the attack vector used or not the conclusion still is that breach detection is a critical security best practice.

Learn about PCI DSS Compliance

Read the full report on the Mandarin Hotel Group breach here

Read the full report on the breach here

Read the full report on the NEXTEP Systems POS breach here


The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2021, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.