Hot News:
Network of 330,000 cash registers is hacked
SAN
FRANCISCO — One of the largest point-of-sale payment systems in the
hospitality industry, used in restaurants and hotels globally, has been
breached by a Russian organized crime group, computer security writer Brian Krebs reported Monday.
The breach occurred in systems run by MICROS Systems, which was purchased by Oracle in 2014.
Oracle
security engineers found malware in some systems run by MICROS and
identified the affected systems and blocked malicious processes and
unauthorized network connections, the company said in an undated letter
and FAQ sent to customers, which it provided to USA TODAY on Monday.
In
the letter, Oracle assured customers that “payment card data is
encrypted both at rest and in transit in the MICROS hosted environment.”
Whether that meant actual customer financial data was accessed by the hackers in unknown.
Krebs, who has deep sources in the Russian criminal underground, reported that the breach was tied to Russia's Carbanak Gang, which stole over $1 billion from banks worldwide in 2015.
The Redwood Shores, Calif.-based company said it would contact customers whose data was affected by the malware.
In
response to the discovery, Oracle is requiring all MICROS customers to
change the passwords for all MICROS accounts. In addition, it
recommended that customers change the passwords “for any account that
was used by a MICROS representative to access your on-premises systems,”
the letter said.
According to Oracle, MICROS point of sale programs were used by hotels, food and beverage facilities and retailers at more than 330,000 sites in 180 countries in 2014.
MICROS
is "huge" in the hospitality industry, one of its largest if not the
largest point of safe and software systems, said Henry Harteveldt of
Atmosphere Research Group in San Francisco.
“MICROS could be at
the front desk, it could be in the coffee shop, the restaurant, the golf
course, the night club, everything. When a hotel signs up, it is
operating in dozens if not more places within in a typical mid-sized or
large hotel,” he said.
Neither Oracle’s internal corporate network
nor its other cloud and service offerings were impacted by the malware,
the company said.
Security analyst Avivah Litan with technology research company Gartner called the news “disturbing.”
“This
is a very big deal,” she said. “It just indicates how hackers can gain
access to customer credentials and allegedly secure customer systems
through a hack into the back end where it all comes together.”
************
You have a fix for this, DW Agent! Those restaurants, casinos, etc. using Micros can get a quick (relatively) inexpensive (relatively) secured lockdown on their system -- through you and DW's strategic partners.
See past blog for notes re. this!
*************
| Relevant letter .. feel free to edit for your use: |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Mr.
Restaurant Owner: Are
you looking for ways
to secure
your payment environment, protect against potential breaches
and get EMV ready?
|
|
|
|
Oracle has selected
Elavon as their first partner to utilize the MICROS Payment Gateway (MPG) in North
America to jointly deliver a secure, future-ready solution. Elavon
is certified to MPG and best of all, Elavon is ready now for EMV. Elavon’s security solution also
protects against breach exposure with card encryption, tokenization and provides advanced payment
acceptance
capabilities such as Apple Pay™.
|
|
|
|
Elavon’s
Simplify application, a key component
of the overall solution, is already
EMV-enabled. When
the liability shift happens, you won’t
need to change your current platform
or upgrade your POS
software. Simplify will work with your pre-existing Oracle Hospitality POS and
removes the POS from PCI scope through
its unique semi-integrated delivery. Simplify isolates sensitive cardholder
data from
the payment system by securely
encrypting it at the start and during the payment
authorization process.
|
|
|
|
Elavon’s
Safe-T service and Simplify application offer many
benefits. These include:
|
|
|
|
|
|
|
• Point-to-Point
Encryption (P2PE) and
Tokenization
|
|
|
|
• NFC
payments acceptance (i.e. Apple Pay™)
|
|
|
|
|
|
|
• Lower overall cost of maintenance and support
|
|
|
|
• Less complex upgrades made
at the hosted
level versus local application level
|
|
|
|
|
For more information on
Elavon’s security
solution please let me set
up a consultation call with our West Coast MICROS specialist. Call me today…
Michael Lammons
Your Local Digital World Agent
559.824.3254
|
|
|
|
|
Elavon, Inc.
and Oracle
Corporation are separate legal entities, which are not affiliated with
each other
in any way by common
ownership, management, control, or otherwise. The content, application, function, and performance of their systems and their
individual products
are the responsibility
of each respective company.
Security solutions incorporating MPG, Simplify, and Safe-T may not be suitable
for all merchant
customers.
************
If you have an interested hotel or restaurant or casino owner, contact support and DW will set up call with Peter or Casey, the Micros Experts.
************
|
|
No comments:
Post a Comment