Skip to main content

Oracle's point-of-sale unit breached, user data 'safe'

Another day, another major data breach. This time it's Oracle's MICROS, its point-of-sale division, that got hurt. According to security researcher Brian Krebs, who first disclosed the breach in a blog post (you can read it here), chances are, a Russian organised cyber-crime group is behind this.

The group, called Carbanak, has placed malicious code in the company's software, and apparently – 700 internal systems were compromised.

According to Oracle, 'certain legacy MICROS systems' were affected, and the hackers were onto the company's customer support portal for credit card payment systems. Oracle is now asking users to change their passwords, but said that user data is actually safe.

"Oracle security has detected and addressed malicious code in certain legacy MICROS systems,” the company told its customers, according to The Inquirer. “Oracle's corporate network and other cloud and service offerings were not impacted by this code. Payment card data is encrypted at rest and in transit in the MICROS hosted environment," the email said.

The biggest issue here is that the company still doesn't know the extent of the breach, and is currently investigating.

"Sources close to the investigation say Oracle first considered the breach to be limited to a small number of computers and servers at the company’s retail division,” Krebs wrote in a blog post.

“That source said that soon after Oracle pushed new security tools to systems in the affected network investigators realized the intrusion impacted more than 700 infected systems.”

Carbank is a notorious cyber-criminal group which has, allegedly, stolen more than $1 billion from various banks and retailers over the course of the past few years.

Image Credit: Ken Wolter / Shutterstock