When a point of sale system at a restaurant or other business is breached, it affects that business, its clients whose personal financial information is now in the hands of hackers and the partnership between the point-of-sale system vendor and that business. This week, Brian Krebs, technology security blogger, “reached out to Zoup after hearing from financial industry sources about fraud patterns indicating some sort of card compromise at many Zoup locations.”
Zoup, a Michigan based fresh soup company, “operates more than 75 restaurants in the United States and Canada,” according to Business Insurance. The breach seems to have not been directly aimed at Zoup, but rather the company’s point-of-sale technology provider, NEXTEP Systems Inc.
Law enforcement and data analysts alike swarmed to address the issue at NEXTEP, launching an investigation into the causes for the breach, which clients may be affected and how to alleviate the situation. In a press release, NEXTEP offered this in the meantime, “We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed. This remains an ongoing investigation with law enforcement. At this stage, we are not certain of the extent of the breach, and are working around the clock to ensure a complete resolution.” Even so, the effects this has on the affected customers and confidence of those unaffected is damaging.
Neither clients or security vendors are safe from hacks in the current security environment. NEXTEP is not alone: Earlier this year, Kreb reports, Advanced Restaurant Management Applications (ARMA) and C&K Systems both experienced breaches. Both breaches exposed customer credit card information. The breach at C&K exposed information from “some 330 Goodwill locations nationwide.” Comments on Brian Kreb’s blog, known well by many in the field, argue that tokenization must be expedited to make credit and debit card information less of an easy target.