Oracle investigating data breach at Micros point-of-sale division

Micros was bought in 2014 as one of the largest point-of-sale terminal makers.

Oracle bought the point-of-sale terminal maker in 2014. (Image: file photo)

Oracle has confirmed that it's investigating a breach of its Micros division.

Security journalist Brian Krebs, who first covered the story, said that hackers had compromised hundreds of systems at the software giant's point-of-sale division, and broken into a support portal used by customers of the devices.

Oracle confirmed the breach in an email to ZDNet, saying it had "detected and addressed malicious code in certain legacy Micros systems," but added that Oracle's own systems, corporate network, and other cloud and service offers were not impacted.

Users will have to change their account passwords immediately, the company said in the letter, which will go out to Micros customers in the coming days.

Krebs said that Oracle may be concerned that the hacker group responsible for the breach installed malware on the support portal in an effort to scrape usernames and passwords as they were entered. Those account credentials may be used to remotely administer and access point-of-sale devices located in customers' retail outlets.

The company said that payment data isn't at risk, as that information is encrypted both at rest and in transit.

Micros devices are currently deployed at over 330,000 sites across 180 countries.

Point-of-sale devices are increasingly a target for hackers. In recent months, dozens of machines at Starwood and Hilton hotels were impacted by malware, with the aim of poaching payment and card data, which can be used or sold on to the highest bidder.