Another Victim Succumbs To NEXTEP Malware Attack

Last month, point-of-sale vendor NEXTEP Systems confirmed a security breach that exposed sensitive information of payment cards used at the Zoup restaurant chain. On Thursday (April 30), the company reported yet another potential victim of the security breach.

According to reports, the hack has likely affected foodservice management firm Compass Group and its customers. The breach may have compromised card data for as many as 70,000 Compass customers.

“Based upon an extensive forensic investigation, it appears that unauthorized individuals installed malicious software designed to capture payment card information on certain NEXTEP self-serve payment kiosks used at a limited number of our on-site dining locations,” Compass Group said in a statement posted to its customer FAQ page. “We believe that the malware could have compromised payment card data (including name, payment card account number, card expiration date, and the CVV security code) of individuals who used a payment card at impacted NEXTEP self-serve payment kiosks in use at certain on-site dining locations, between February 2, 2015, and March 9, 2015.”

The company added that only a portion of its POS terminals were infected with the malware, though the company did not specify which locations were specifically hit. Compass also said that it will offer a year of identity theft monitoring services to any customer that used these POS terminals between the dates specified.

Compass’ announcement follows March reports that “a large number” of Zoup POS terminals were breached through the malware attack. The company runs 75 restaurants in its chain.

In a statement following news of Zoup’s breach, NEXTEP President Tommy Woycik told reporters that the company immediately launched an investigation with law enforcement officials after becoming aware of the crime. The company was quick to assure that not all NEXTEP business customers were affected by the malware attack, but “at this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.”



The PYMNTS Cross-Border Merchant Friction Index analyzes the key friction points experienced by consumers browsing, shopping and paying for purchases on international eCommerce sites. PYMNTS examined the checkout processes of 266 B2B and B2C eCommerce sites across 12 industries and operating from locations across Europe and the United States to provide a comprehensive overview of their checkout offerings.

Click to comment