Skip to main content
close search
site logo
Dive Brief

Oracle admits hack compromised merchant POS portal

Published Aug. 8, 2016
By
Contributor
Flickr user Peter Kaminski

Dive Brief:

  • Oracle Corp. confirmed to Krebs on Security that some of its systemsincluding a customer portal supporting merchants using Oracle's Micros point-of-sale payment systemhave been breached, allegedly by a well-known group of Russian criminal hackers.

  • A Gartner analyst believes the attack may be linked to POS hacks and incidents of stolen payment card data that have occurred at retailers, restaurants and other merchant locations in recent months. Oracle is instructing merchant customers to change their log-in passwords for the portal.

  • Oracle acquired the Micros technology two years ago for $5.3 billion, and the POS terminals are used at about 330,000 locations in 180 countries, putting them among the three most widely used POS systems in the world.

Dive Insight:

Though this was not a direct hack of a retailer, it certainly takes one back to the devastating security attacks suffered by retailers such as Target and Home Depot. It's also a reminder at a time when retail is in hackers' sights more than ever before that an attack doesn't have to target a retailer specifically in order to threaten to retailers and their customers.

And by the way, we may not know the full extent of the attack and its implications yet. What may be most startling is that Oracle at this point seems to know quite little about the attackhow and when it happened, for how long it went on, and to what extent merchant data may have been accessed.

Oracle is reassuring its customers that transactions are encrypted, but the real fear is that if hackers accessed credentials allowing them to remotely access in-store POS equipment, they might be able to install malware capable of collecting customer card data. Already, there's an open questionand no answers as of yetas to whether information accessed in the Micros hack already has been used to attack merchant POS systems.

Is your sense of déjà vu about previous large-scale data breaches suddenly growing more acute?

The retail industry is going to hope it doesn't hear much more about this one until Oracle comes back with a post mortem based on its ongoing investigation, but this initial incident itself should be enough to force retailers and their suppliers and partners to take a much closer look at how security is implemented and managed throughout every inch of their ecosystem. The best attitude to have is that if there is a gap in security, and you don't find it, someone else will.

Recommended Reading

Filed Under: Operations, Technology

Editors' picks

Company Announcements

View all | Post a press release
RDSolutions Unveils Rebrand and Comprehensive Service Suite to Optimize Retail Performance and…
From RDSolutions
November 05, 2024
Celonis AgentC: Making AI Agents Work for the Enterprise with Process Intelligence
From Celonis
October 23, 2024
Aroma Retail Supports Exponential Ecommerce Growth with Descartes Parcel Shipping Solution
From Descartes Systems Group
November 04, 2024
The Tile Shop digitizes and automates store facilities operations with Facilio’s Connected CMMS
From Facilio
October 17, 2024
Editors' picks
Latest in Operations
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell