Security alert focuses on Micros' POS systems

Credit card giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle’s Micros retail unit.

Credit card industry giant Visa on Friday issued a security alert warning companies using point-of-sale devices made by Oracle’s Micros retail unit to double-check the machines for malicious software or unusual network activity, and to change passwords on the devices.

Visa also published a list of internet addresses that may have been involved in a recent Oracle breach and are thought to be closely tied to an Eastern European organized cybercrime gang, reports security blog KrebsonSecurity.
HEI Hotels announced earlier this month that intruders had broken into its payment network and installed payment-card stealing malware on POS systems at 20 of its properties. HEI brands that were hit by the breach included Marriott, Sheraton, Hyatt, and Westin. Credit and debit card numbers, card expiration dates, and verification codes of an undisclosed number of people who used their cards at these locations were compromised in the breach.

Publicly at least, there has been no confirmation if the breach at HEI is tied to the intrusion at Micros or any of the other vendors, reports Dark Reading, but the proximity of the multiple breach announcements has led to some speculation that there might be a link.

Virtual Event


Survival in these times is highly dependent on a hotel's ability to quickly adapt and pivot their business to meet the current needs of travelers and the surrounding community. Join us for Optimization Part 2 – a FREE virtual event – as we bring together top players in the industry to discuss alternative uses when occupancy is down, ways to boost F&B revenue, how to help your staff adjust to new challenges and more, in a series of panels focused on how you can regain profitability during this crisis.

HEI’s breach announcement came just days after Oracle acknowledged that intruders had broken into a website used by its Micros point-of-sale systems subsidiary to support customers. Oracle said the attackers had placed malware on the site that allowed them to intercept the usernames and passwords used by Micros’ customers, which include many hotels and retails sites, to log into the support site.

RELATED: Cyber insurance is indispensible to hospitality risk management

The breach prompted some concern that the attackers may have used those credentials to then somehow gain access to the networks of Micros’ customers and place malware on their POS networks. The concerns were heightened by subsequent news that the same group that broke into the Micros network may have also managed to infiltrate the networks of five other, mostly small, POS system vendors.

The Visa alert is the first substantive document that tries to help explain what malware and which malefactors might have hit Oracle. Sources close to the investigation saying hackers had broken into hundreds of servers at Oracle’s retail division, and had completely compromised Oracle’s main online support portal for Micros customers.

Micros is among the top three point-of-sale vendors globally, KrebsonSecurity reports. When Oracle bought Micros in 2014, the company said Micros’ systems were deployed at some 200,000+ food and beverage outlets, 100,000+ retail sites, and more than 30,000 hotels.

Oracle also urged Micros customers to change their passwords, and said “we also recommend that you change the password for any account that was used by a Micros representative to access your on-premises systems.”

In addition to Visa’s recommendation, Card Systems also recommended the following:

  1. Conduct another PCI scan to identify any security vulnerabilities (even though you may have recently conducted a PCI scan and passed, internal changes to your network and/or firewalls could have affected security protocols).
  2. Have your IT Department or IT vendor familiarize themselves with the information being disseminated by KrebsonSecurity and Oracle to better understand the nature of the attacks, and apply that knowledge to your circumstance.
  3. Review your current breach protocols to ensure they are up to date. (If your company doesn’t have a protocol, it is imperative to have one. It is a PCI requirement.)
  4. Consider obtaining “breach” insurance. Most breach insurance can offset the devastating financial damage.
  5. Consider installing a device that takes the card number out of the Micros environment so that even if a hacker stole the card number, it is a useless four-digit number.

Suggested Articles

The company's main markets are still substantially affected by the measures rolled out to combat the COVID-19 health crisis.

Revenue per available room and occupancy increased over Q2, but uncertainty around the industry’s recovery remains.

The integration aims to provide hoteliers with seamless and complete visibility over group, catering and event sales performance activity.