Oracle's Micros POS systems compromised in hack; customer data might be at stake

Oracle is in trouble again . This time, a Russian cybercrime group breached hundreds of computer systems belonging to Oracle’s retail division. The breach is also reported to have impacted Oracle’s Micros point-of-sale (POS) systems, potentially compromising customer data. KrebsonSecurity reports that the breach “compromised a customer support portal” for companies that use Micros. Micros is among the top three vendors in the POS space and the full extent of the damage, if any, is yet uncertain. The system is said to have been deployed at over 330,000 locations across 180 countries. When contacted by KrebsonSecurity, Oracle confirmed the data breach and claimed to have fixed certain vulnerabilities in “legacy Micros systems” as well as informed their customers of the breach. Micros users have also been asked to reset their passwords for the online support portal. The report adds that Oracle isn’t aware of exactly when the breach took place and expected it to be a small intrusion. Only later did they realise that the breach affected over 700 computers at Oracle’s retail division. Hackers allegedly used a single infected system to compromise many more, including a ticketing system used to “remotely troubleshoot problems with their [Micros’] POS systems.” The code potentially allowed hackers to steal customer login information and passwords. The report points out that the recent high-profile data breaches at portals like Target and Home Depot were the result of a POS system breach. Hackers who compromise the on-premise POS systems have the ability to steal credit card information.