1.6 Million Customers at Risk in Avanti Markets Breach
Avanti Markets, a maker of workplace food kiosks, has confirmed that up to 1.6 million people may have been affected in a recent breach. Payment card information and email addresses may have been taken in the attack.
The company believes the breach occurred between July 2 and July 4 and will only affect customers who used the kiosks during that time frame.
“On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets,” the company said on its blog. “Based on our investigation…and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks.”
The description makes this attack sound very similar to a recent attack on Chipotle, where hackers were able to install malware on the company’s payment card system to steal payment card information. In the Avanti breach, the malware collected payment card data, including first and last names, account numbers, expiration dates, and email addresses.
“Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected,” Avanti said.
Initially, the company feared that biometric information may also have been stolen, since some of the kiosks use fingerprints to authenticate data. However, Avanti has stated that this information is not at risk. “We are happy to report that we are now able to confirm all kiosk fingerprint readers supplied by Avanti include end-to-end encryption on such biometric data and as such this biometric data would not be subject to this incident as it is encrypted,” the company said.
The company said it has hired a forensic firm to help investigate the breach and has also alerted the FBI. Payment processing systems have also been shut down at some locations.
Avanti is advising users to carefully monitor their financial statements for fraudulent activity and to contact Equifax, TransUnion, and Experian to have a fraud alert placed on their credit report. Placing an alert on your credit report makes it difficult for thieves to open accounts in your name.