Oracle MICROS POS code
Oracle Micros Data Breach Summary
Hacked: Oracle Micros POS Division
Hacker: Carbanak Gang (Russian Cyber Crime Syndicate)
Affected Systems: Oracle Micros Support Portal, Oracle Micros systems
Size and Scope: TBD
Immediate Action: Customers should immediately reset passwords for the Oracle Micros Support portal
More Information
Oracle Micros has announced that a data breach, of yet unknown size and scope, has affected their customer portal and some computers and servers within their retail division. The full scope of the breach is still unknown. Merchants who have implemented a PCI Validated P2PE solution (and likely any SRED-based encryption solution) need not worry, as a properly implemented PCI P2PE solution does not allow unencrypted data within the POS environment (even if the POS server is hosted in the cloud).
A core requirement for PCI P2PE solutions is that the merchant has no access to the decryption key, and therefore nor does the compromising hacker, making encrypted card data relatively impossible to decrypt. Major data breaches have not subsided, and all merchants – regardless of size – should consider de-sensitizing and removing their environment from scope by implementing a PCI P2PE security solution to protect their customers’ data. The PCI Security Standards Council built the P2PE standard for a reason, and it is the best option for any merchant looking to protect their organization and brand. The full list of PCI P2PE solutions can be found here:
Full Article (Source: Krebs on Security)
A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Related posts: