At the beginning of August 2016, a network of over 330,000 POS systems run by MICROS, part of Oracle Corp., was hacked by a cybercrime group, leaving all merchants using the system vulnerable. The hackers also completely compromised Oracle’s main online support portal for MICROS customers. Oracle did not disclose how many MICROS users were affected by the breach, or whether the hackers had actually decrypted the card data and stolen money from the consumers. They did, however, acknowledge that they had “detected and addressed malicious code in certain legacy MICROS systems.”
Malware all around
A few days later, it was revealed that at least five more POS system providers were breached by hackers, compromising as many as 1 million cash machines and point of sale systems worldwide. Card-stealing malware was also found in the POS systems at twenty HEI Hotels & Resorts properties. The group operates major hotel brands including Marriott, Hyatt, Sheraton and Intercontinental. The payments systems at Noble House Hotels & Resorts have been infected twice in less than a year. The credit card info of tens of thousands of guests at the Hutton Hotel in Nashville may have been left vulnerable, as the hotel discovered its systems had been compromised for almost four years, between September 2012 and June 2016. In the case of fashion retailer Eddie Bauer, customer card information was stolen when malware was found in the POS systems in every single one of its 350 stores across USA and Canada. The malware had been present in the machines for at least 6 months before its discovery.
Is your POS at risk?
According to Verizon’s annual Data Breach Investigations Report, last year almost two-thirds of data breaches at retailers were caused by point of sale intrusions. According to the Identity Theft Resource Center (ITRC), data breaches are on the rise: there have already been 601 recorded incidents this year. It’s an alarming number, especially considering that in 2015 there were 781 incidents in total. Given the rising concern, we want to reassure all our customers and system users: you can keep your customer payment data safe by using LS Retail software alongside a PCI-certified payment service provider.