Avanti Markets, a company whose self-service payment kiosks sit beside shelves of snacks and drinks in thousands of corporate break rooms across America, has suffered from a breach of its internal networks in which hackers were able to push malicious software out to those payment devices. The breach may have jeopardised customer credit card accounts as well as biometric data, Avanti warned in its notice of data breach uploaded on its website.
The company’s small food and drink markets have served more than 1.6 million customers since the company began operations. These “micro markets” are effectively unmanned retail spaces where users can choose snacks and beverages and pay through a kiosk. They can be found at offices and are usually installed, maintained and restocked by local resellers, and accept payment via payment card, cash, or a fingerprint scan.
If you swiped your credit card at one of the Avanti kiosks between July 2nd and July 4th your personal information could have been compromised. At around three o’ clock, on July 04, the company found some foreign file and removed it. They discovered the sophisticated malware attack affecting some kiosks. The breach affected about 20% of Avanti Markets.
“Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilised the malware to gain unauthorised access to customer personal information from some kiosks,” the company explained.
Avanti said it appears the malware was designed to gather certain payment card information including the cardholder’s first and last name, credit/debit card number and expiration date. In addition, users of the Market Card option may have had their email addresses compromised, as well as their biometric information if they used the kiosk’s biometric verification functionality.