Privacy News Micro Market Vendor Warns of Bankcard And Biometric Data Breach

Exterminator

Avanti Markets, which specializes in self-serve food kiosks typically located in company breakrooms, said an undisclosed number of its 1.5 million customers may have had their personal and bankcard data compromised along with stored biometric data.

The company, based in Tukwila, WA, said on July 4 it discovered a “sophisticated” malware attack against a number of its kiosks, used for self-checkout at one of its 5,000 so-called micro-markets.

“Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks,” said John Reilly, president of Avanti, in a statement posted to its website on Monday.
The company said because of different kiosk configurations, data stolen may vary from location to location. “Personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected,” Reilly wrote.

The company did not return Threatpost requests for comment for this story. But, according to Reilly’s online statement, customers who used Avanti’s “Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk’s biometric verification functionality.”

It’s unclear what biometric data may have been associated with accounts. However, according to a description of the company’s kiosk technology, customers have a “Pay with Fingerprint Scanner” option.

“You can now pay for your favorite food or beverage items within your break room with just the quick tap of your finger on the Kiosk,” the site states.

Security experts have warned that fingerprint records coupled with personal data could present a security risk hard to mitigate. That’s because, unlike passwords, fingerprints can’t be reset. So-called “fake fingers” are not easy to produce, but Chaos Computer Club proved several years ago it is possible to use fingerprint data to bypass user authentication measures by creating latex molds of fingers.

According to the company’s website, its kiosks are in 46 U.S. states and used by 1.6 million customers. The company said it has notified the Federal Bureau of Investigation of the breach and shut down payment processing at an undisclosed number of locations. The company is also making credit-monitoring services available to customers at no cost.
 