{"id":75998,"date":"2015-03-19T22:08:37","date_gmt":"2015-03-20T02:08:37","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-07-20T11:56:41","modified_gmt":"2021-07-20T15:56:41","slug":"zoup-pos-breached","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/zoup-pos-breached\/","title":{"rendered":"ZOUP! POS Breached"},"content":{"rendered":"

\"ZOUP!<\/a>Another day, another data breach<\/a>. Zoup!<\/strong> the restaurant known for its soup, salad, and sandwiches is the latest retailer to have it POS system hacked. The hack exposed credit card information hacked<\/strong> according<\/a> to MLive<\/em><\/a>. From a statement posted on the Zoup!<\/a> website Zoup! CEO Eric Ersher told<\/a> their customers victims \u2013 too bad so sad, \u201c\u2026 in the days ahead, we will work hard to preserve your trust.<\/em>\u201d<\/p>\n

\"ZOUP!<\/a>Apparently re-gaining my trust does not include telling me my information was stolen<\/strong>, or the usual credit monitoring<\/strong> or credit restoration services<\/strong>, according to MLive<\/em> Southfield, MI<\/a>-based Zoup! will not be contacting customers who were affected by the cyber-attack.<\/p>\n

The stonewall goes beyond Zoup!’s customers. When contacted by security researcher Brian Krebs<\/a>, for comment CEO Ersher referred calls to NEXTEP<\/a>, who runs all of Zoup!s point-of-sale devices<\/strong>. Troy, MI<\/a>-based NEXTEP President Tommy Woycik emailed Mr. Krebs a statement<\/a>, which says in part, \u201cNEXTEP was recently notified by law enforcement<\/strong> that the security of the systems at some of our customer locations may have been compromised.<\/em>\u201d<\/p>\n

\"\"<\/a>The MLive<\/em> article reports that Zoup! learned March 4 of a payment card security issue that affected most of its U.S. locations. Between Feb. 2 and March 5,<\/strong> the malware installed on the point-of-sale system was tracking credit card numbers<\/strong>, and possibly PII<\/strong> data such as the cardholders’ name, card expiration date, and verification code.<\/p>\n

POS<\/a> vendors have a notorious track record for data security<\/a>. One breach can impact 100’s of locations. The 2014 breach at the POS vendor Signature Systems Inc<\/a>. affected Jimmy John sandwich shops<\/a> and at least 100 other restaurants. The 2015 breach at Advanced Restaurant Management Applications<\/a>\u00a0<\/span>(ARMA) affected many of its client restaurants. And now Nextep has impact up to 75 Zoup! locations and possibly 100,000’s of customers.
\n<\/span><\/p>\n

\"What<\/a>CEO Ersher stated in a statement in a statement, “… we moved as swiftly as possible to address the problem once we learned about it …<\/em> ” Oh really? if they had read Bach Seat<\/em><\/a> last year when I wrote<\/a> about POS hacks or paid attention to US-CERT<\/a> or warnings they would have been prepared.<\/p>\n

The company set up a website<\/a> for customers with concerns or call Zoup! at 800-343-9308, Monday – Friday, 8 a.m. – 5 p.m. ET.<\/p>\n

rb-<\/strong><\/em><\/p>\n

I think that Zoup! should cool the attitude and review the info I posted in 2014 on how to avoid POS System breaches.<\/em><\/p>\n

1.\u00a0 Change administrative passwords on all POS systems.<\/strong> (Hackers are scanning the Internet for easily guessable passwords).<\/em><\/p>\n

2.\u00a0 Implement a firewall or access control list on remote access \/administration services.<\/strong> (If hackers can\u2019t reach your systems, they can\u2019t easily steal from it).<\/em><\/p>\n

3.\u00a0 Avoid using POS systems to browse the web<\/strong> (or anything else on the Internet).<\/em><\/p>\n

4.\u00a0 Make sure your POS is a PCI DSS compliant<\/a> application<\/strong> (ask your vendor) <\/em><\/p>\n

5.\u00a0 Use password management software like LastPass<\/a> to generate secure passwords. <\/strong>(<\/em>LastPass<\/em> allows you to avoid storing passwords in your browsers and can generate ready-to-use secure passwords for you).<\/p>\n

Related articles<\/h6>\n