Hackers Infiltrate Oracle MICROS Point-of-Sale Division, 333,000 Cash Registers At Risk
Oracle purchased MICROS in 2014. At the time, Oracle said its point-of-sale systems were being used at more than 330,000 cash registers around the world, including more than 200,000 in the food and beverage industry, over 100,000 deployed at retail sites, and more than 30,000 in place at hotels. In short, if you've been out to eat, shop, or stayed at a hotel, you may have paid for your goods or services at a MICROS-supported cash register.
It's not yet known when the attackers first gained access to Oracle's systems. Citing "sources close to the investigation," KrebsOnSecurity says Oracle initially thought the breach was limited to a small number of computers and servers at the company's retail division, but it was quickly discovered that malware was present on more than 700 systems.
One of the security experts briefed on the investigation thinks this all started with a single infected system inside of Oracle's network. The theory is that the malware then spread, eventually hitting a customer "ticketing portal" that Oracle uses to help MICROS customers troubleshoot problems with their point-of-sale systems from remote locations.
Malware targeting point-of-sale systems has been popular over the past couple of years. There's been several high profiles attacks resulting in stolen credit and debit card data, including cyber attacks at Target and Home Depot.