Oracle MICROS Data Breach Compromises Restaurants’ Point-of-Sale Systems

Last week, Oracle confirmed a data breach on its MICROS point-of-sale systems, which are used by restaurants throughout the quick serve and fast casual industry, including 8 of the top 10 quick serve restaurants. Though payment data is encrypted in the MICROS-hosted environment, that information is not encrypted during payment processing—when customers swipe or insert chip cards.
Investigations into the origin and extent of the data breach at Oracle are still underway. In the meantime, restaurants and retailers using MICROS question their exposure. Restaurants and retailers are particularly vulnerable to third-party intrusions via payment systems and other vendors, even those with seemingly innocuous access to a company’s network. To address third-party cyber risk, BDO recommends taking a number of proactive measures, from evaluating vendor contracts to requiring specific protections and developing an incident response plan.
To learn more about the Oracle data breach and suggested proactive measures restaurants can take to minimize third-party cyber risk, read our full client alert here