330,000 Exposed in Oracle MICROS Breach
One of the top three global point-of-sale providers, MICROS which was purchased by Oracle in 2014, has been breached. This is quite the cause for concern, as MICROS is currently deployed in over 180 countries, to over 330,000 sites.
Oracle did acknowledge security journalist, Brian Krebs, stating they had “detected and addressed malicious code in certain legacy MICROS systems.” While the company also claims that payment data is not at risk, as that “information is encrypted both at rest and in transit”, Krebs still warns that the support portal could be an issue. Oracle has encouraged all customers to reset their passwords immediately for the MICROS online support portal, but have noted that Oracle’s own systems, corporate networks, and cloud services were not affected.
Point-of-sale based malware is a growing problem. Hotels, restaurants and retail locations are considering prime targets for hackers to steal credit card information. In the past twelve months we have already seen breaches at Trump, Hilton and Hyatt, to name a few of the big players in the hotel industry, and we cannot forget about Target and Home Depot in the retail sector. Once attackers have installed their malware devices onto the POS devices, it’s simple for them to remotely retrieve data from any and all cards processed.
As we have previously blogged with the Kimpton breach, here are some key recommendations from our team of experts for ensuring your POS systems are secure and safe:
- Keeping POS software up to date and performing vulnerability testing
- Restrict internet access from POS systems and terminals
- Monitor POS systems and all data activity
- Use secure (and consistently updating) passwords and 2-factor authentication
- End-to-end encryption for all POS data
- Install firewalls and run anti-malware software
- Don’t forget about physical security – train employees to be on the lookout for tampering attempts!
Connect with Secure Sense to protect data, your network, and systems 24/7, 365 days a year. If you have questions or want to learn more, please contact Secure Sense by calling 866-999-7506.