Hackers infect Oracle's credit card reading machines

The company says any customer information exposed was unreadable.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce | Amazon | Earned wage access | Online marketplaces | Direct to consumer | Unions | Labor and employment | Supply chain | Cybersecurity | Privacy | Stalkerware | Hacking Credentials
  • 2022 Eddie Award for a single article in consumer technology
Laura Hautala

When you hand your credit card over at a restaurant a hotel room, you probably don't mean to give your information to hackers, too.

But that appears to be what hackers tried to make happen on card-reading machines sold by Oracle under the Micros Systems brand, which the company said were infected with malware in an undated letter sent to customers.


Oracle said Monday some of its MICROS systems credit card readers were affected by malicious software. Here, a cashier prepares to swipe a customer's card with a card-reader of a different brand.

Joe Raedle, Getty Images

"Oracle Security has detected and addressed malicious code in certain legacy Micros systems," the letter said.

According to Brian Krebs, a security expert who first reported the breach on Monday, the card readers were used by retailers, restaurants and hotels at more than 330,000 cash registers when Oracle bought Micros in 2014.

Data on the systems is encrypted at all times, Oracle said in its letter. In an FAQ, the company added, "In the event that Oracle determines that your data was impacted, Oracle will contact you directly."

Still, the letter suggested companies using the card-readers should take precautions.

"Consistent with standard security remediation protocols, Oracle is requiring Micros customers to change the passwords for all Micros accounts."