As Oracle (ORCL - Get Report) grapples with a data breach involving hundreds of computer systems, the latest attack illustrates the lure of retail for cyber crime groups and underscores security risks that come with companies' ongoing shift to the cloud.
A Russian cyber crime group was responsible for the breach at Oracle, security blog Krebs on Security reported Monday. In particular, the group has attacked a customer support portal for companies that use Oracle's Micros payment system, a point-of-sale (POS) system that processes transactions at various locations such as cashiers. At the time Oracle acquired Micros back in 2014, Micros said its systems were deployed at over 300,000 sites.
In response to the breach, Oracle has asked all of its Micros customers to reset their passwords.
In afternoon trading on Tuesday, Oracle's share price were relatively flat, up about 0.06% to $41.19.
Oracle acquired Micros in 2014 for about $5.3 billion. As one of the top POS vendors along with IBM (IBM - Get Report) , Micros offers a range of cloud-based payment applications for the hotel, food and retail industries. It sells systems used at over 330,000 cash registers worldwide. It's unclear how many systems were breached as part of the attack.
While the scope and cause of the breach is still unclear, it's unlikely to have a material impact on Oracle, said Wedbush analyst Steve Koenig. Micros contributes just $1.4 billion to Oracle's total annual revenue of $37 billion and won't see its market position change from the breach, he predicted.
Still, the attack does highlight the need for software companies to be more careful about security breaches, especially as companies shift more of their data to the cloud.
"With the cloud, you typically have a lot of customers with shared resources," he said. "If those shared resources get breached, you have many customers getting affected."
The shift to the cloud could pave the road for greater harm -- for example, loss of customer data and reputation damage -- Koenig added.
Oracle becomes the latest company in the spotlight as cybersecurity attacks continue to become more frequent and sophisticated.
The attacks have shifted from attacks on one nation by another to efforts against enterprises, particularly those in the POS segment mainly due to its exposure to transactions, he explained.
"The strategy is to go where the money is," Koenig explained. "Certain software companies that serve the banking and retail industries have to be extremely vigilant."
For instance, retailers Target (TGT - Get Report) and Home Depot (HD - Get Report) have been victims of data breaches in recent years, with the companies exposing customer data as a result of the attacks.
"The need is there for all software companies to worry about this," Koenig added.
Cloud vendors -- particularly those in e-commerce -- are vulnerable because they have sensitive customer data and information as well as exposure to transactions, agreed SunTrust analyst John Rizzuto, adding that other software makers that fall into this category and may need to be mindful include NewRelic (NEWR - Get Report) and (ULTI - Get Report) .
As for Oracle, the Redwood City, Calif.-based tech behemoth has been betting big on the cloud. It has partly turned to M&A to further propel this effort, having agreed to buy NetSuite (N) for $9.3 billion, Opower (OPWR) for $551.6 million, Textura for $663 million and Ravello Systems for $500 million this year alone.
Oracle's endeavor is still in the early days, but is already starting to show positive news.
Oracle reported strong fiscal fourth-quarter results in June, posting 81 cents of earnings per share and $10.59 billion of revenue, matching analyst expectations for EPS and exceeding them for revenue. Sales, in particular, wer lifted by growth in the cloud business.