On Friday (08/12/2016), Visa issued a security alert warning companies using Oracle’s MICROS point-of-sale units to double-check their systems for malicious software or unusual network activity. Visa highly recommends that companies immediately change the passwords on their systems. Visa also published a list of Internet addresses that may have been involved in the Oracle/MICROS breach and are thought to be closely tied to an Eastern European organized cybercrime gang.
In addition to Visa’s recommendation, Card Systems strongly recommends the following:
- Conduct another PCI scan to identify any security vulnerabilities (even though you may have recently conducted a PCI scan and passed, internal changes to your network and/or firewalls could have affected security protocols).
- Have your IT Department or IT vendor familiarize themselves with the information being disseminated by Krebs Security and Oracle to better understand the nature of the attacks, and apply that knowledge to your circumstances.
- Review your current breach protocols to ensure they are up to date. (If your company doesn’t have a protocol, it is imperative to have one. It is a PCI requirement.)
- Consider obtaining “breach” insurance. Most breach insurance can offset the devastating financial damage.
- Consider installing a device that takes the card number out of the MICROS environment so that even if a hacker stole the card data, it would be a useless 4-digit number.