Russian cybercriminals have infiltrated systems at Micros, an Oracle division that is one of the world’s biggest vendors of point of sale payment systems for shops and restaurants, according to an influential security blogger.
The hack has affected 700 computer systems at Micros and is thought to have begun with infiltration on a single machine at the company, said Brian Krebs on his Krebs on Security blog on Monday.
The incident is worrying for the potential size of the hack and the systems affected. Oracle acquired Micros in 2014, when it said Micros systems are used in more than 330,000 sites in 180 countries.
It’s also somewhat embarrassing for Oracle, which heavily markets the security of its products.
Oracle said it had notified Micros customers.
In an undated letter shared with IDG News Service, the company said it had “detected and addressed malicious code in certain legacy Micros systems.” The letter said payment card data is encrypted “both at rest and in transit” in the Micros system.
Oracle said it has “implemented additional security measures” to prevent a recurrence, but it did not describe what they are. It is requiring all Micros customers to change their passwords and the password for any account used by a Micros representative to access the payment system.
Krebs quoted two researchers briefed on the investigation who said Oracle’s customer support portal was monitored communicating with a server run by the “Carbanak Gang,” a Russian cybercrime syndicate.
Restaurants, hotels and department stores have been prime targets for point of sale system hacks in the last two years. Many have had their systems infiltrated, often by attacks on system administration accounts and passwords used for remote access.