SAN FRANCISCO — One of the largest point-of-sale payment systems in the hospitality industry, used in restaurants and hotels globally, has been breached by a Russian organized crime group, computer security writer Brian Krebs reported Monday.
The breach occurred in systems run by MICROS Systems, which was purchased by Oracle in 2014.
Oracle security engineers found malware in some systems run by MICROS, identified the affected systems, and blocked malicious processes and unauthorized network connections, the company said in an undated letter and FAQ sent to customers, which it provided to USA TODAY on Monday.
In the letter, Oracle assured customers that “payment card data is encrypted both at rest and in transit in the MICROS hosted environment.”
Whether that meant actual customer financial data was accessed by the hackers is unknown.
Krebs, who has deep sources in the Russian criminal underground, reported that the breach was tied to Russia’s Carbanak Gang, which stole over $1 billion from banks worldwide in 2015.
The Redwood Shores, Calif.-based company said it would contact customers whose data was affected by the malware.
In response to the discovery, Oracle is requiring all MICROS customers to change the passwords for all MICROS accounts. In addition, it recommended that customers change the passwords “for any account that was used by a MICROS representative to access your on-premises systems,” the letter said.
According to Oracle, MICROS point of sale programs were used by hotels, food and beverage facilities and retailers at more than 330,000 sites in 180 countries in 2014.
MICROS is “huge” in the hospitality industry, one of its largest, if not the largest, point-of-sale and software systems, said Henry Harteveldt of Atmosphere Research Group in San Francisco.
“MICROS could be at the front desk, it could be in the coffee shop, the restaurant, the golf course, the night club, everything. When a hotel signs up, it is operating in dozens if not more places within a typical mid-sized or large hotel,” he said.
Neither Oracle’s internal corporate network nor its other cloud and service offerings were impacted by the malware, the company said.
Security analyst Avivah Litan with technology research company Gartner called the news “disturbing.”
“This is a very big deal,” she said. “It just indicates how hackers can gain access to customer credentials and allegedly secure customer systems through a hack into the back end where it all comes together.”