Software giant Oracle Corporation became the victim of a data breach last week when a Russian organized cybercrime group gained access to hundreds of their systems. According to security experts the group gained access through a customer support portal for companies that use the MICROS point-of-sale software from Oracle. The MICROS software payment system is an extremely widely used credit card processing system and is used in more than 330,000 cash registers throughout the world. This makes MICROS undoubtedly one of the most used POS systems worldwide, and its compromising is a cause of great concern to both consumers and businesses alike.
The extent of the breach is currently unknown as Oracle has been somewhat slow to comment on what exactly has occurred, so far only revealing that malware was found in some systems run by MICROS and both unauthorized network connections and malicious processes had to be blocked. Oracle has also informed consumers that their credit card processing system ensures that data is encrypted throughout MICROS systems and which means they are less likely to be at risk. It is unclear at this time if customer data was even seized, however MICROS is encouraging all of its customers to err on the side of caution and reset their passwords and check their credit card statements.
A source with ties to the Russian criminal underground has claimed that this same group is tied to or responsible for stealing over $1 billion from banks worldwide last year through a series of malicious data breaches and hacking of merchant services worldwide. If this claim is true, this gang certainly knows what they are doing and as a result the breach could potentially be much larger than anticipated. Oracle themselves say initially they expected the data breach to be somewhat localized to just a handful of systems but soon realized that it had reached in excess of 700 systems for merchant services.
MICROS is a massive service throughout industries ranging from hospitality to standard retail cash registers, and it’s wide span of use should be cause for concern for a great deal of businesses. While it is unlikely that this data breach was an attempt to steal personal info from consumers, given the gang’s past, it cannot be completely ruled out as a possibility. However, it is far more likely that this was a robbery, perhaps of funds or at worse accessing various credit card processing information through MICROS systems in order to steal from individuals.
Regardless of their intentions, the MICROS data breach is being touted as nothing less than a “very big deal.” It is potentially one of the largest data breaches in recent memory and one that certainly has the potential to be the most impactful to many consumers and businesses worldwide. It just goes to show that no company can be too secure when it comes to their merchant services and credit card processing systems.