Newsroom

Point-of-sale solutions vendor NEXTEP Systems has acknowledged what KrebsOnSecurity calls a "potentially wide-ranging credit card breach" affecting one of its biggest customer chains.

The Michigan-based company services restaurants, casinos, airports and other food service venues. Financial industry sources alerted Krebs last week to a possible fraud pattern at NEXTEP client Zoup, which is a soup eatery chain with 75 locations in the northern U.S. and Canada.

NEXTEP President Tommy Woycik responded, "NEXTEP was recently notified by law enforcement that the security of the systems at some of our customer locations may have been compromised. NEXTEP immediately launched an investigation in cooperation with law enforcement and data security experts … We do know that this is NOT affecting all NEXTEP customers, and we have been working with our customers to ensure that any issues are addressed."

Krebs noted that the credit-card fraud discovered at Jimmy Johns last year was also eventually connected to a weakness in its POS vendor, Signature Systems Inc.

NAFCU continues to press Congress for action on national data security and breach notification standards for merchants. It has also provided member credit unions with a sample article they can use to educate their own members about data security and the measures credit unions take to ensure their data remains safe.