Stories
Slash Boxes
Comments

SoylentNews is people

Self-Service Food Kiosk Vendor Avanti Hacked

posted by mrpg on Tuesday July 11 2017, @03:19AM   Printer-friendly
from the the-new-normal dept.

Fnord666 writes:

Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate breakrooms across America, has suffered of breach of its internal networks in which hackers were able to push malicious software out to those payment devices, the company has acknowledged. The breach may have jeopardized customer credit card accounts as well as biometric data, Avanti warned.

According to Tukwila, Wash.-based Avanti's marketing literature, some 1.6 million customers use the company's break room self-checkout devices — which allow customers to pay for drinks, snacks and other food items with a credit card, fingerprint scan or cash.

Sometime in the last few hours, Avanti published a "notice of data breach" on its Web site.

"On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected."

Avanti said it appears the malware was designed to gather certain payment card information including the cardholder's first and last name, credit/debit card number and expiration date.

Breaches at point-of-sale vendors have become almost regular occurrences over the past few years, but this breach is especially notable as it may also have jeopardized customer biometric data. That's because the newer Avanti kiosk systems allow users to pay using a scan of their fingerprint.

"In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk's biometric verification functionality," the company warned.

Source: Krebs On Security

Original Submission

 
This discussion has been archived. No new comments can be posted.
Self-Service Food Kiosk Vendor Avanti Hacked | Log In/Create an Account | Top | 7 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Interesting) by Taibhsear on Tuesday July 11 2017, @03:35PM (1 child)

    by Taibhsear (1464) on Tuesday July 11 2017, @03:35PM (#537618)

    We have these at work. They do not accept cash. There are separate terminals you can put cash into and it puts it onto a card to use in the machines. You have to register the card with a whole bunch of personal information first though or it won't work. You're better off just using a credit card.

    Starting Score:    1  point
    Moderation   +1  
       Interesting=1, Total=1
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 4, Touché) by LoRdTAW on Tuesday July 11 2017, @03:39PM

    by LoRdTAW (3755) on Tuesday July 11 2017, @03:39PM (#537619) Journal

    We have these at work. They do not accept cash. There are separate terminals you can put cash into and it puts it onto a card to use in the machines. You have to register the card with a whole bunch of personal information first though or it won't work. You're better off just using a credit card. not using the machine at all.
    FTFY