Breach DetectionBREACH DETECTION

 Three new breaches have been reported in the past week showing that payment card data theft is still an ever-present threat.

 

Mandarin Hotel Group have confirmed that its hotels have been subject to a payment card breach. The breach has been perpetrated using card-data stealing malware on POS systems used at hotels in both Europe and the US and is likely to have been in operation since December 2014. Krebs On Security has been investigating the breach and published details last week.

The breach has parallels to the Marriot hotels breach reported in January but there is no indication whether the same gang is behind both breaches. Backoff malware was also rampant during 2014 and was responsible for card data breaches at Dairy Queen among many others.

 

BulkReefSupply.com has issued an apology in a statement regarding a ‘criminal attack’ on its website. The breach was effective throughout August 2014 until January 21 2015 and data stolen includes name, address, telephone number, email address/user name, password and credit card information of some customers. BRS provide saltwater aquarium supplies and with revenues of $16.1M reported for 2013, the impact of the customer data theft could be substantial. No further information has been provided about the nature of the breach but the most likely explanation is that malware was introduced to the eCommerce website to allow customer data to be stolen in a similar way to the Big Fish Games website breach reported last month.

 

NEXTEP Systems provide POS systems to restaurants, corporate cafeterias, casinos, airports and other food service venues. One of their customers – Zoup, with 75 restaurants – was recently identified as being the likely origin of a sequence of fraudulent card transactions.

Further information has now emerged that the breach may in fact be centered on NEXTEP Systems: NEXTEP Systems runs the POS systems on behalf of Zoup and other customers who may also have been compromised. KrebsOnSecurity.com reports that this is not a unique scenario with at least two other POS Vendors – Signature Systems and Advanced Restaurant Management Applications - responsible for breaches affecting hundreds of independent restaurants.

The root-cause for the Target Breach in 2013 was a compromised 3rd Party with access to Target Store systems but whether this was the attack vector used or not the conclusion still is that breach detection is a critical security best practice.

Learn about PCI DSS Compliance

Read the full report on the Mandarin Hotel Group breach here

Read the full report on the BulkReefSupply.com breach here

Read the full report on the NEXTEP Systems POS breach here

 

Products
USA Offices
New Net Technologies Ltd
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
emailUSinfo@nntws.com
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
emailinfo@newnettechnologies.com
NNT Newsletter
Sign up to receive our monthly newsletter covering breaking security news, how-to-tips, trends and commentary directly to your inbox.


We strongly advise NNT Customers and Partners to sign up for our Product Updates Mailing List to receive information on software updates and new product features.

Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Copyright 2017, New Net Technologies Ltd. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies Ltd.
All other product, company names and trademarks are the property of their respective owners.