Avanti self-service food vending kiosks hacked
Flagship Group cyberattack

Data Leak Lawyers - Begin Your Data Breach Claim Today!

Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.

Start Your Claim
Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy

solicitors regulation authority

Avanti self-service food vending kiosks hacked

U.S. payment kiosk vendor, Avanti Markets, recently fell victim to a malware scam. The U.S. kiosk vendor’s innovation is to take away counter services and replace them with an all-serving vending machine that covers whole sandwiches, fruit, drinks and junk food with one payment system.

Breach discovered

On 4th July 2017, Avanti discovered the malware scam that affected some of its kiosks. They made some investigations and concluded that the cyber-attackers used malware to gain unauthorised access to customers’ personal information from the kiosks. They explained that, because the kiosks aren’t configured in the same way, some of the kiosks weren’t affected.

Avanti confirmed they found the malware on their systems from 2nd July 2017 until 4th July 2017. Though they can’t put a number on how many people were affected, they stated that if you didn’t use a kiosk between that time, you’re unlikely to have been affected by the breach.


Though Avanti have made initial investigations they still haven’t explained just how many of their customers had their information accessed. They noted that they’re still conducting an extensive IT forensic investigation to see the extent of the attack. This should also ascertain what kiosks were attacked.

What information was accessed?

Customers that used a payment card to make a purchase on an infected kiosk may have had their information accessed. The accessed information may include cardholder first and last names, credit/debit card numbers, and expiration dates. Avanti assured customers that the kiosks don’t collect certain data like social security numbers, dates of birth or federal/state identification number.


On 25th July 2017, Avanti Markets released a statement on their website to notify their customers of a ‘data incident’. It starts by saying:

“…this notice is to make you aware of an incident which may have resulted in unauthorised access or acquisition of your personal information and/or payment card data.”

They also made assurances that they’re working diligently to resolve the matter and “ensure that it will not happen again”.

That is quite a big pledge to make seeing as they failed to keep their customers’ data safe in the first place. Saying it will not happen again may give customers a false sense of security as data breaches can happen no matter how tight a company’s cyber-security is.

Biometric data wasn’t accessed

As some of the kiosks use biometric verification, some customers’ names, email addresses and biometric data could possibly be compromised. Avanti explain that all their kiosk fingerprints have end-to-end encryption, so the biometric data shouldn’t have been included in the breach.

But how can anyone really be sure?


In a bid to secure their customers’ data, Avanti Markets have taken the following steps:

  • Upon discovering the malware, they commenced an investigation to identify those affected
  • They worked with the internal team to change all passwords and measures
  • Hired a nationally-recognised forensic investigation team to assist
  • Shut down payment processing at some locations and working with operators to take steps to minimise the risk of data breaches moving forward

Though Ananti have taken a few steps to minimise the effect of the breach, it’s a little too late for them to try to reassure their customers when the damage may have already been done.

The content of this post/page was considered accurate at the time of the original posting and/or at the time of any posted revision. The content of this page may, therefore, be out of date. The information contained within this page does not constitute legal advice. Any reliance you place on the information contained within this page is done so at your own risk.

We offer genuine No Win, No Fee agreements for our clients. Why we do this is simple:

Leading Data Breach Lawyers
Our experience speaks for itself.
We will fight for your right to compensation.
Access to Justice
As a victim of a data breach or hack, you deserve your chance to get access to justice.
Risks Assessment
We carefully risk assess your case and take it on if we think we have a good chance of winning the claim.

Request A Callback From Our Team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy
Contact is © of Your Lawyers Limited - we are 'Authorised and Regulated by the Solicitors Regulation Authority (SRA number 508768)'
arrow-up icon