Hackers Infiltrate Oracle MICROS Point-of-Sale Division, 333,000 Cash Registers At Risk

MICROS, one of the largest point-of-sale payment systems in the world, has been hacked by a Russian organized cybercrime group with a history of hacking into banks and retailers. The full extent of the security breach is still being evaluated, but given the size and scope of MICROS, this could turn out to be another lucrative payday for the Russian cyber thieves.

Oracle purchased MICROS in 2014. At the time, Oracle said its point-of-sale systems were being used at more than 330,000 cash registers around the world, including more than 200,000 in the food and beverage industry, over 100,000 deployed at retail sites, and more than 30,000 in place at hotels. In short, if you've been out to eat, shop, or stayed at a hotel, you may have paid for your goods or services at a MICROS-supported cash register.


It's not yet known when the attackers first gained access to Oracle's systems. Citing "sources close to the investigation," KrebsOnSecurity says Oracle initially thought the breach was limited to a small number of computers and servers at the company's retail division, but it was quickly discovered that malware was present on more than 700 systems.

One of the security experts briefed on the investigation thinks this all started with a single infected system inside of Oracle's network. The theory is that the malware then spread, eventually hitting a customer "ticketing portal" that Oracle uses to help MICROS customers troubleshoot problems with their point-of-sale systems from remote locations.

Oracle has begun contacting MICROS customers and advising them to "change the password for any account that was used by a MICROS representative to access your on-premises systems."

Malware targeting point-of-sale systems has been popular over the past couple of years. There's been several high profiles attacks resulting in stolen credit and debit card data, including cyber attacks at Target and Home Depot.