Oracle’s MICROS point-of-sale (PoS) systems have suffered a breach by the Russian cybercriminal group Carbanak Gang, KrebsOnSecurity reports. Even as the investigation continues, unconfirmed reports say the violation may have impacted around 700 systems.
Oracle acknowledged the breach, saying they have “detected and addressed malicious code in certain legacy MICROS systems.” The attackers ALSO placed malware on a MICROS support site and used it to access customers’ usernames and passwords when they logged into the Web portal, KrebsOnSecurity says.
Meanwhile, Oracle played down the impact of the breach, noting that “payment card data is encrypted both at rest and in transit in the MICROS hosted customer environments.” One fraud analyst, howeer, says the real risk is to the customer’s on-premise devices.
Oracle is in process of asking MICROS customers to reset password on all support accounts and also those used to access on-premise systems, the report says.
Read full story here.