Oracle’s MICROS, one of the top three global point-of-sale vendors, may have been breached by a Russian organized crime group know for targeting banks and retailers. Cybersecurity journalist and researcher Brian Krebs reported on the potential MICROS breach this afternoon in a report on a larger breach of Oracle Corp’s computer systems. Per Krebs’ report:
MICROS is among the top three point-of-sale vendors globally. Oracle’s MICROS division sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS’s systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.
Experts believe the breach may allow the hackers to remotely install malware of retailer’s point-of-sale systems to capture data from each card swiped at the cash register.
Retailers with MICROS as their POS vendor should immediately investigate the integrity of their POS systems and their MICROS account. If malware is suspected on your POS systems, cybersecurity experts can mitigate and remediate the potential data breach and theft of your customers’ credit card information.
Retailers who suspect malware on their POS systems must also act promptly to limit and mitigate their legal exposure to card-issuers, consumers, and state and federal regulators, among others. Important to mitigating potential liability is the prompt investigation and notice of any potential insurance policies that may cover losses related to a data breach. In particular, retailers with cyber-insurance policies may have coverage for the expense of investigating and remediating a breach of their POS system regardless of whether there is subsequent liability to third-parties.