A reported data breach affecting retailers using Oracle’s Micros point-of-sale systems could be linked to a Russian hacking group that stole up to $1 billion from banks in 2014.
The attack on Oracle’s computer systems and Micros customer portal first came to light on July 25, according to IT security writer Brian Krebs. That’s when a Micros customer contacted the KrebsOnSecurity blog to report “a potentially large breach at Oracle’s retail division.”
We reached out to Oracle for a comment on the report but did not receive a response before press time. However, Krebs reported that the company, which advised customers to change their Micros portal passwords, had “detected and addressed malicious code in certain legacy Micros systems.”
Call for Password Reset
Founded in 1977, Maryland-based Micros Systems specialized in software and hardware for point-of-sale transactions in stores, restaurants, hotels and other businesses. Oracle purchased Micros for $5.3 billion in 2014.
Oracle most recently updated its Micros offerings in March when it launched the Micros Workstation 6 family of point-of-sale hardware, software and other components. At the time of Oracle’s acquisition of the company, Micros reported its equipment and services were used at 330,000 customer sites across 180 countries.
The recent breach of Micros systems is still being investigated by Oracle, according to Krebs. He cited a “source briefed on the investigation” who said the attack appears to have spread from a single infected system, enabling the attackers to infect the support portal and steal the credentials of users who logged into the customer portal.
Krebs added that Oracle was forcing a password reset for its Micros portal customers but noted that any payment card data handled by the systems was “encrypted both at rest and in transit.”
2104 Attack Hit Banks Globally
According to Krebs, two unnamed security experts said the Oracle…