Earlier this Monday, August 8, the security enthusiast and journalist Brian Krebs first reported a significant data breach on Oracle’s MICROS point-of-sale terminals, a potential threat to several thousands of businesses and customers.
Krebs first broke the news in a lengthy post on his blog, in which he claimed that further details about the breach are either unknown or have yet to be disclosed. However, he argued that Oracle reportedly knew about the threat and that the company is currently requesting MICROS users to take proper actions to ensure the system’s safety.
Who were the perpetrators?
By tracing the initial malicious access to a particular server, Oracle and MICROS were able to narrow down the scope of suspects to a Russian cybercriminal group known as the Carbanak Gang. If these suspicions are confirmed, it would mean that the MICROS portal is now in the hands of a veteran organization reportedly responsible for stealing over $1 billion from several financial entities and private businesses.
By doing this, the alleged hackers could have retrieved further information from other points-of-sale and, potentially, compromised personal data from customers who have made purchases at said, retailers.
Who should be worried about this hack?
Since Oracle and MICROS are still working to determine the scope and depth of the hack, it is quite complicated and sensitive to make claims about who is truly at risk.
MICROS was acquired by Oracle for over $5 billion to expand its software empire further over the retail and hospitality industries, the core users of the Maryland-based company. Reported numbers from the time of the deal claimed that MICROS systems were in place at more than 300,000 establishments, varying from regular stores to restaurants and hotels.
While Oracle said that the security breach had already been detected and that it did not affect the entirety of the MICROS point-of-sales network, it is unknown whether the malicious code present in the system is just that or something else.
If the hackers managed to somehow get their hands on personal information from customers like credit cards and names, the seriousness of the issue would escalate tenfold. It would not mean only that hackers have potential access and control over credit cards and bank accounts, but also that they have access to the identities of the cardholders.
Oracle has urged all MICROS platform users to change their passwords and stay alert on any suspicious activity at their businesses, while also stating that other cloud-based services from the software giant have not been affected by the breach.
Source: PC World