On April 27, 2015, the California Office of the Attorney General reported a data breach involving Compass Group USA. The breach occurred between February 2, 2015, and March 9, 2015, due to unauthorized individuals installing malicious software on NEXTEP self-service kiosks, potentially compromising payment card information of users at specific dining locations. The number of individuals affected is not specified.
Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-55656
TPRM report: https://www.rankiteo.com/company/compass-group-north-america
"id": "com237072825",
"linkid": "compass-group-north-america",
"type": "Cyber Attack",
"date": "2/2015",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Food Service',
'location': 'Specific dining locations',
'name': 'Compass Group USA',
'type': 'Company'}],
'attack_vector': 'Malicious Software',
'data_breach': {'sensitivity_of_data': 'High',
'type_of_data_compromised': 'Payment card information'},
'date_detected': '2015-04-27',
'date_publicly_disclosed': '2015-04-27',
'description': 'Unauthorized individuals installed malicious software on '
'NEXTEP self-service kiosks, potentially compromising payment '
'card information of users at specific dining locations.',
'impact': {'data_compromised': 'Payment card information',
'payment_information_risk': 'High',
'systems_affected': 'NEXTEP self-service kiosks'},
'initial_access_broker': {'entry_point': 'NEXTEP self-service kiosks'},
'motivation': 'Financial Gain',
'post_incident_analysis': {'root_causes': 'Unauthorized individuals '
'installing malicious software'},
'references': [{'date_accessed': '2015-04-27',
'source': 'California Office of the Attorney General'}],
'threat_actor': 'Unauthorized individuals',
'title': 'Compass Group USA Data Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'NEXTEP self-service kiosks'}