Reading:
Avanti self-service food vending kiosks hacked
Share:
Sign-up to a data breach claim today - use our quick and easy form to begin your claim for thousands of pounds in compensation.
U.S. payment kiosk vendor, Avanti Markets, recently fell victim to a malware scam. The U.S. kiosk vendor’s innovation is to take away counter services and replace them with an all-serving vending machine that covers whole sandwiches, fruit, drinks and junk food with one payment system.
On 4th July 2017, Avanti discovered the malware scam that affected some of its kiosks. They made some investigations and concluded that the cyber-attackers used malware to gain unauthorised access to customers’ personal information from the kiosks. They explained that, because the kiosks aren’t configured in the same way, some of the kiosks weren’t affected.
Avanti confirmed they found the malware on their systems from 2nd July 2017 until 4th July 2017. Though they can’t put a number on how many people were affected, they stated that if you didn’t use a kiosk between that time, you’re unlikely to have been affected by the breach.
Though Avanti have made initial investigations they still haven’t explained just how many of their customers had their information accessed. They noted that they’re still conducting an extensive IT forensic investigation to see the extent of the attack. This should also ascertain what kiosks were attacked.
Customers that used a payment card to make a purchase on an infected kiosk may have had their information accessed. The accessed information may include cardholder first and last names, credit/debit card numbers, and expiration dates. Avanti assured customers that the kiosks don’t collect certain data like social security numbers, dates of birth or federal/state identification number.
On 25th July 2017, Avanti Markets released a statement on their website to notify their customers of a ‘data incident’. It starts by saying:
“…this notice is to make you aware of an incident which may have resulted in unauthorised access or acquisition of your personal information and/or payment card data.”
They also made assurances that they’re working diligently to resolve the matter and “ensure that it will not happen again”.
That is quite a big pledge to make seeing as they failed to keep their customers’ data safe in the first place. Saying it will not happen again may give customers a false sense of security as data breaches can happen no matter how tight a company’s cyber-security is.
As some of the kiosks use biometric verification, some customers’ names, email addresses and biometric data could possibly be compromised. Avanti explain that all their kiosk fingerprints have end-to-end encryption, so the biometric data shouldn’t have been included in the breach.
But how can anyone really be sure?
In a bid to secure their customers’ data, Avanti Markets have taken the following steps:
Though Ananti have taken a few steps to minimise the effect of the breach, it’s a little too late for them to try to reassure their customers when the damage may have already been done.
EasyJet admits data of nine million hacked
British Airways data breach: How to claim up to £6,000 compensation
Are you owed £5,000 for the Virgin Media data breach?
Virgin Media faces £4.5 BILLION in compensation payouts
BA customers given final deadline to claim compensation for data breach
Shoppers slam Morrisons after loyalty points stolen
Half a million customers can sue BA over huge data breach
Lawyers accuse BA of 'swerving responsibility' for data breach
The biggest data breaches of 2020
Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
