The already dire state of cyber-security seems to be worsening with each passing day. Today in news for a data breach in its retail division — MICROS systems — is the American software multinational Oracle. It has confirmed that it was breached and is currently investigating the same.
The data breach, first reported by Security researcher Brian Krebs, details that a Russian organized cybercrime group has compromised hundreds of computer systems using the software giant’s point-of-sale division MICROS. They had gained access to a customer support portal for companies using the same.
Oracle has confirmed the data breach saying that,
it had “detected and addressed malicious code in certain legacy MICROS systems.”
The sources close to the investigation state that the reported attack probably started with a single infected system inside the organisation. The intruders, who are currently being recognized as Carabanak Gang, had placed malicious code on the MICROS support portal. This malicious code allowed them to steal customer usernames and passwords when they logged into the support website.
This seems like a serious breach of information, with both employees and customers at risk, but Oracle has added that it has addressed the ‘rogue’ code. It further tried to downplay the situation by stating,
Oracle’s corporate network and Oracle’s other cloud and service offerings were not impacted.
It also emphasized the fact that,
payment card data is encrypted both at rest and in transit in the MICROS hosted customer environments.
Oracle is currently investigating the breach and, hence, is unsure how many systems were actually breached by the hackers. Sources close to the investigation believe that the malicious intrusion has infected more than 700 computers on the server. And just like every other company, Oracle is also in the process of sending forced password reset request to all support accounts on the MICROS portal. It is also recommending customers to change their login credentials if their account was used by a MICROS representative to access their on-premises systems.
Oracle’s MICROS division, which was acquired in 2104, is among the top three point-of-sale vendors globally. It is used at more than 330,000 cash registers worldwide. It further adds that MICROS’s systems were deployed at some 200,000 food and beverage outlets, 100,000 retail sites, and more than 30,000 hotels. Some of its users include big names like Adidas, Burger King and Hilton, among others.
This breach, however, begs us to question ourselves — Was Gartner right in predicting that if digital businesses don’t take proper measures to upgrade their technologies, then over 60 per cent of them will suffer major failures by 2020?
