Last month, point-of-sale vendor NEXTEP Systems confirmed a security breach that exposed sensitive information of payment cards used at the Zoup restaurant chain. On Thursday (April 30), the company reported yet another potential victim of the security breach.
According to reports, the hack has likely affected foodservice management firm Compass Group and its customers. The breach may have compromised card data for as many as 70,000 Compass customers.
“Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software designed to capture payment card information on certain NEXTEP self-serve payment kiosks used at a limited number of our on-site dining locations,” Compass Group said in a statement posted to its customer FAQ page. “We believe that the malware could have compromised payment card data (including name, payment card account number, card expiration date, and the CVV security code) of individuals who used a payment card at impacted NEXTEP self-serve payment kiosks in use at certain on-site dining locations, between February 2, 2015, and March 9, 2015.”
The company added that only a portion of its POS terminals were infected with the malware, though the company did not specify which locations were specifically hit. Compass also said that it will offer a year of identity theft monitoring services to any customer that used these POS terminals between the dates specified.
Compass’ announcement follows March reports that “a large number” of Zoup POS terminals were breached through the malware attack. The company runs 75 restaurants in its chain.
In a statement following news of Zoup’s breach, NEXTEP President Tommy Woycik told reporters that the company immediately launched an investigation with law enforcement officials after becoming aware of the crime. The company was quick to assure that not all NEXTEP business customers were affected by the malware attack, but “at this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.”