Computer systems at MICROS, a division of Oracle, have suffered a data breach that also has compromised a customer support portal for its MICROS point-of-sale credit card payment systems, according to a report in KrebsOnSecurity.
Oracle, which purchased MICROS in 2014, has confirmed that it is investigating a breach at the POS division. In an email to ZDNet, the company said it had "detected and addressed malicious code in certain legacy MICROS systems," but that Oracle's own systems, corporate network, cloud and other services were not affected. The company also noted that payment card data is encrypted both at rest and transit in MICROS-hosted environments.
The Krebs report cited security experts who have been briefed on the breach as saying the customer support portal was seen to be communicating with a server known to be used by the Carbanak Gang, part of a Russian cybercrime group suspected of stealing more than $1 billion from banks, retailers and hospitality companies over the past several years.
Recent data breaches, such as the 2014 hack of Home Depot and the 2013 Target compromise, have been attributed to malware affecting POS terminals in stores. The malware usually is installed via hacked remote administration tools. If these criminals have been able to compromise multiple MICROS customers via their infiltration of the vendor's support portal, it's possible this breach's effect could be far more widespread than those inflicted on any individual retail company.
- EPrivacy — Are You Ready For The Next Chapter In Data Compliance?
- Banana Republic Streamlines Merchandising Efforts With New Cloud Service
- Privacy Paradox: 86% Of Consumers Want Opt-Out Control, But 56% Value Personalized Offers
- Turning Retailers’ Cybersecurity Strategy Inside Out
- The ‘Art’ And ‘Science’ Of GDPR Consent For Retailers