Select Page

This is a post by Michael Born, the cyber practice leader of Lockton’s Kansas City office. His advice is excellent.


It seems that no matter how sophistated the protections become, the hackers always find another way in, especially when they are seeking credit card data. If they can’t get to that data directly from the retail company, they look for other means of accessing this valuable information. That appears to be exactly what happened to Oracle Corporation’s MICROS point-of-sale systems.

Security blogger Brian Krebs broke the news on August 8, 2016 that attackers had compromised a customer support portal for companies using Oracle’s MICROS point-of-sale payment card systems. MICROS is among the top three point-of-sale system vendors globally. It sells point-of-sale systems used at more than 330,000 cash registers worldwide. When Oracle bought MICROS in 2014, the company said MICROS systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

On Monday, August 8, 2016, Oracle Security confirmed that it had detected malicious code in certain legacy MICROS systems. Follow this link to see the FAQ released by Oracle. Oracle has asked all MICROS customers to reset their customer portal passwords.

A security alert issued by Visa on August 12, 2016 instructed all companies using MICROS point-of-sale systems to double-check their devices for malware or unusual network activity, as well as change the passwords for any account used by a MICROS representative to access their on-premises systems.

According to various articles, anonymous sources within Oracle have stated that the intruders placed malicious code on the MICROS support portal and that the malware could have allowed the attackers to steal MICROS customer usernames and passwords when customers logged in the support Web site. These compromised credentials for customer accounts at the MICROS support portal could then be used to upload card-stealing malware to some customer point-of-sale systems.

What is My Exposure?

If your business uses a MICROS payment card point-of-sale system, your system could be vulnerable to a breach that would expose customer credit card data.

What Should You Do?

  • Read the FAQ from Oracle providing additional information on the breach and the alert issued by Visa with recommendations for actions to take in response.
  • Engage the key stakeholders in your company (Finance, Legal, IT, and Risk Management) to identify any potential relationship with MICROS and identify any contracts currently in place.
  • As recommended by Oracle and Visa, change passwords for all MICROS accounts, including accounts used by MICROS representatives to access the company’s systems.
  • Scan your network for Indicators of Compromise linked to Carbanak and MalumPOS malware, as detailed more fully in the Visa alert.

If you suspect that your systems might have been breached, in addition to taking remedial measures, you should determine whether your company maintains cyber insurance policies or other policies that might respond to the breach. Notice should be given to insurers immediately after a breach is discovered.