Credit Card And Biometric Data Compromised In Avanti Hack

seagate, spear phishing

Hackers used malware specifically designed to steal payment card information

Self-service payment kiosk vendor Avanti Markets has suffered a security breach where hackers managed to gain access to some of its internal networks.

The US-based firm is known for manufacturing break room devices for businesses which allow employees to serve themselves and pay for food and drinks with either cash, a credit card or fingerprint scan.

Hackers were reportedly able to send malicious code out to these payment devices, which could leave customer payment card details and their biometric data at risk.

credit card payment ©dean bertoncelj /shutterstock.com

Security breach

In a statement on its website, Avanti said: “On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks.

“Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.”

According to the company, the hackers used a strain of malware that was designed to collect card information, include the cardholder’s full name, the card number and the expiration date. 

Customers who used the Market Card option may also have had their names and email addresses compromised, as well as of course biometric information due to the latest Avanti systems allowing customers to pay with their fingerprint.

“We apologize for any inconvenience this may cause you and assure you we are working diligently to resolve this incident and to ensure that it will not happen again,” the statement added.

Point-of-Sale (PoS) devices have long been targeted by hackers, with restaurant chain Chipotle being one of the most recent organisations to fall victim to such a cyber attack.

Getting hold of payment card details is still a lucrative reward for cyber criminals and organisations need to remain vigilant as such targets will always remain firmly in hacker’s sights.

Quiz: Are you a security pro?