[BreachExchange] Credit Card And Biometric Data Compromised In Avanti Hack

Audrey McNeil audrey at riskbasedsecurity.com
Mon Jul 10 20:12:59 EDT 2017 

http://www.silicon.co.uk/security/card-biometric-data-avanti-hack-216899

Hackers used malware specifically designed to steal payment card information

Self-service payment kiosk vendor Avanti Markets has suffered a security
breach where hackers managed to gain access to some of its internal
networks.

The US-based firm is known for manufacturing break room devices for
businesses which allow employees to serve themselves and pay for food and
drinks with either cash, a credit card or fingerprint scan.

Hackers were reportedly able to send malicious code out to these payment
devices, which could leave customer payment card details and their
biometric data at risk.

Security breach

In a statement on its website, Avanti said: “On July 4, 2017, we discovered
a sophisticated malware attack which affected kiosks at some Avanti
Markets. Based on our investigation thus far, and although we have not yet
confirmed the root cause of the intrusion, it appears the attackers
utilized the malware to gain unauthorized access to customer personal
information from some kiosks.

“Because not all of our kiosks are configured or used the same way,
personal information on some kiosks may have been adversely affected, while
other kiosks may not have been affected.”

According to the company, the hackers used a strain of malware that was
designed to collect card information, include the cardholder’s full name,
the card number and the expiration date.

Customers who used the Market Card option may also have had their names and
email addresses compromised, as well as of course biometric information due
to the latest Avanti systems allowing customers to pay with their
fingerprint.

“We apologize for any inconvenience this may cause you and assure you we
are working diligently to resolve this incident and to ensure that it will
not happen again,” the statement added.

Point-of-Sale (PoS) devices have long been targeted by hackers, with
restaurant chain Chipotle being one of the most recent organisations to
fall victim to such a cyber attack.

Getting hold of payment card details is still a lucrative reward for cyber
criminals and organisations need to remain vigilant as such targets will
always remain firmly in hacker’s sights.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20170710/755e6fce/attachment.html>

More information about the BreachExchange mailing list