Oracle has discovered a cyber security breach in its Micros payments system that is used by hundreds of thousands of stores and hotels across the world.
The software company has sent letters to Micros customers asking them to change their passwords and any passwords used by customer services representatives.
In the letter, Oracle said it had “addressed” the malicious code found in the payments system, and that all payment card data were encrypted. It is not known if a hacker was able to decrypt the card data or use it to steal money from consumers. The company said its corporate network and its “other cloud and service offerings” were not affected. The data breach was first reported by cyber security blogger Brian Krebs, who claims a Russian organised cyber crime group called the Carbanak Gang appeared to have breached hundreds of computer systems at Oracle including the Micros system. Oracle would not comment beyond the letter.
Oracle acquired Micros in 2014 for $5.3bn. It said at the time that Micros technology was used at more than 330,000 customer sites in the hospitality and retail industries. In the nine months before it was acquired, two-thirds of its $1bn revenue came from services, with 21 per cent from point of sale hardware and the rest from software. Almost two-thirds of data breaches at retailers were caused by point of sale intrusions in the last year, according to Verizon’s closely watched annual data breaches investigation report.
Some cyber criminals have been concentrating on targeting point-of-sale systems, which collect credit card details when customers make transactions. ever since a high-profile breach at US retailer Target in 2013 showed how vulnerable they can be. Data from about 70m customers including 40m card details was exposed in the Target breach. Over the next year several high-profile retailers in the US were also attacked, including Home Depot, which became the largest breach of a retailer on record, with up to 56m cards affected.
More recently, hackers have targeted the hotel industry, with Hilton Hotels, Starwood Hotels & Resorts, Mandarin Oriental and the Trump Collection all admitting that their payments systems were compromised last year. Shares in Oracle rose slightly to $41.19 in afternoon trading in New York.