Breach Detection BREACH DETECTION

 

 Three new breaches have been reported in the past week showing that payment card data theft is still an ever-present threat.

Mandarin Hotel Group have confirmed that its hotels have been subject to a payment card breach. The breach has been perpetrated using card-data stealing malware on POS systems used at hotels in both Europe and the US and is likely to have been in operation since December 2014. Krebs On Security has been investigating the breach and published details last week.

The breach has parallels to the Marriot hotels breach reported in January but there is no indication whether the same gang is behind both breaches. Backoff malware was also rampant during 2014 and was responsible for card data breaches at Dairy Queen among many others.

 

BulkReefSupply.com has issued an apology in a statement regarding a ‘criminal attack’ on its website. The breach was effective throughout August 2014 until January 21 2015 and data stolen includes name, address, telephone number, email address/user name, password and credit card information of some customers. BRS provide saltwater aquarium supplies and with revenues of $16.1M reported for 2013, the impact of the customer data theft could be substantial. No further information has been provided about the nature of the breach but the most likely explanation is that malware was introduced to the eCommerce website to allow customer data to be stolen in a similar way to the Big Fish Games website breach reported last month.

 

NEXTEP Systems provide POS systems to restaurants, corporate cafeterias, casinos, airports and other food service venues. One of their customers – Zoup, with 75 restaurants – was recently identified as being the likely origin of a sequence of fraudulent card transactions.

Further information has now emerged that the breach may in fact be centered on NEXTEP Systems: NEXTEP Systems runs the POS systems on behalf of Zoup and other customers who may also have been compromised. KrebsOnSecurity.com reports that this is not a unique scenario with at least two other POS Vendors – Signature Systems and Advanced Restaurant Management Applications - responsible for breaches affecting hundreds of independent restaurants.

The root-cause for the Target Breach in 2013 was a compromised 3rd Party with access to Target Store systems but whether this was the attack vector used or not the conclusion still is that breach detection is a critical security best practice.

 

Read the full report on the Mandarin Hotel Group breach here

Read the full report on the BulkReefSupply.com breach here

Read the full report on the NEXTEP Systems POS breach here

 

Share this blog post

Products
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter