Legal help for data breach compensation claims

Avanti self-service food vending kiosks hacked

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

U.S. payment kiosk vendor, Avanti Markets, recently fell victim to a malware scam. The U.S. kiosk vendor’s innovation is to take away counter services and replace them with an all-serving vending machine that covers whole sandwiches, fruit, drinks and junk food with one payment system.

Breach discovered

On 4th July 2017, Avanti discovered the malware scam that affected some of its kiosks. They made some investigations and concluded that the cyber-attackers used malware to gain unauthorised access to customers’ personal information from the kiosks. They explained that, because the kiosks aren’t configured in the same way, some of the kiosks weren’t affected.

Avanti confirmed they found the malware on their systems from 2nd July 2017 until 4th July 2017. Though they can’t put a number on how many people were affected, they stated that if you didn’t use a kiosk between that time, you’re unlikely to have been affected by the breach.

Investigations

Though Avanti have made initial investigations they still haven’t explained just how many of their customers had their information accessed. They noted that they’re still conducting an extensive IT forensic investigation to see the extent of the attack. This should also ascertain what kiosks were attacked.

What information was accessed?

Customers that used a payment card to make a purchase on an infected kiosk may have had their information accessed. The accessed information may include cardholder first and last names, credit/debit card numbers, and expiration dates. Avanti assured customers that the kiosks don’t collect certain data like social security numbers, dates of birth or federal/state identification number.

Notification

On 25th July 2017, Avanti Markets released a statement on their website to notify their customers of a ‘data incident’. It starts by saying:

“…this notice is to make you aware of an incident which may have resulted in unauthorised access or acquisition of your personal information and/or payment card data.”

They also made assurances that they’re working diligently to resolve the matter and “ensure that it will not happen again”.

That is quite a big pledge to make seeing as they failed to keep their customers’ data safe in the first place. Saying it will not happen again may give customers a false sense of security as data breaches can happen no matter how tight a company’s cyber-security is.

Biometric data wasn’t accessed

As some of the kiosks use biometric verification, some customers’ names, email addresses and biometric data could possibly be compromised. Avanti explain that all their kiosk fingerprints have end-to-end encryption, so the biometric data shouldn’t have been included in the breach.

But how can anyone really be sure?

Post-breach

In a bid to secure their customers’ data, Avanti Markets have taken the following steps:

  • Upon discovering the malware, they commenced an investigation to identify those affected
  • They worked with the internal team to change all passwords and measures
  • Hired a nationally-recognised forensic investigation team to assist
  • Shut down payment processing at some locations and working with operators to take steps to minimise the risk of data breaches moving forward

Though Ananti have taken a few steps to minimise the effect of the breach, it’s a little too late for them to try to reassure their customers when the damage may have already been done.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.

First published by Editor on August 25, 2017
Posted in the following categories: Hacking News Malware and tagged with | | |


How much does a data breach cost?
Cyber threats: are they being taken seriously?
%d bloggers like this: