Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer credit card accounts as well as biometric data, Avanti warned.
According to Tukwila, Wash.-based Avanti's marketing literature, some 1.6 million customers use the company's break room self-checkout devices — which allow customers to pay for drinks, snacks and other food items with a credit card, fingerprint scan or cash.
Sometime in the last few hours, Avanti published a "notice of data breach" on its Web site.
"On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected."
Avanti said it appears the malware was designed to gather certain payment card information including the cardholder's first and last name, credit/debit card number and expiration date.
Breaches at point-of-sale vendors have become almost regular occurrences over the past few years, but this breach is especially notable as it may also have jeopardized customer biometric data. That's because the newer Avanti kiosk systems allow users to pay using a scan of their fingerprint.
"In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk's biometric verification functionality," the company warned.
Source: Krebs On Security
(Score: 0) by Anonymous Coward on Tuesday July 11 2017, @03:26AM
People giving their prints to a vending machine? That's what you get.
(Score: 0) by Anonymous Coward on Tuesday July 11 2017, @03:59AM
Spare change for the hungry? I can pay you in deep links to DRM-free movies.
(Score: 3, Funny) by Absolutely.Geek on Tuesday July 11 2017, @04:18AM
I hear you get fired from certain TLA's for that kind of behavior; how does it work in the private sector?
Don't trust the police or the government - Shihad: My mind's sedate.
(Score: 2) by c0lo on Tuesday July 11 2017, @04:31AM
Indietro, Avanti, non ritardare!
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Tuesday July 11 2017, @11:52AM (2 children)
If the machines take cash, it means I would not have been affected anyway even if I had worked in a place with such a machine and used it. I just would have used cash.
(Score: 3, Interesting) by Taibhsear on Tuesday July 11 2017, @03:35PM (1 child)
We have these at work. They do not accept cash. There are separate terminals you can put cash into and it puts it onto a card to use in the machines. You have to register the card with a whole bunch of personal information first though or it won't work. You're better off just using a credit card.
(Score: 4, Touché) by LoRdTAW on Tuesday July 11 2017, @03:39PM
We have these at work. They do not accept cash. There are separate terminals you can put cash into and it puts it onto a card to use in the machines. You have to register the card with a whole bunch of personal information first though or it won't work. You're better off just
using a credit card.not using the machine at all.FTFY