One of the world's top three pont-of-sale credit card payment systems has been breached by Russian hackers, according to press reports, affecting hundreds of thousands of check-out points.
Brian Krebs' KrebsOnSecurity reports that a Russian organized cybercrime group "appears to have breached hundreds of computer systems at software giant Oracle Corp." Among the systems breached was Oracle's MICROS point-of-sale system.
Oracle acknolwedged it had "detected and addressed malicious code" in some legacy MICROS systems and asked all MICROS customers to change their passwords.
"To prevent a recurrence, Oracle implemented additional security measures for the legacy MICROS systems," Oracle said in a letter to customers quoted by CNBC.
MICROS is among the top three point-of-sale vendors globally, manufacturing point-of-sale systems used at more than 330,000 cash registers worldwide.
Krebs said the breach appeared tied to the Carbanak Gang, which is suspected of stealing more than $1 billion from banks, retailers, and hotels last year.
Krebs has been investigating the incident since a customer emailed him on July 25 to say he had heard about a potentially large breach at Oracle's retail division.
What to do
The breach does not appear to pose a direct threat to consumers. If the hackers intercepted point-of-sale information, they would gain access to customer names and card numbers but presumably not any other information, although that can't be positively determined until more is known about the breach.
Banks and potentially some retailers would be liable for losses.