TUKWILA, WA -- The vending industry's largest micromarket company last week suffered a security breach in which hackers managed to gain access to some of its internal networks. Hackers used malware designed to steal payment card information from Avanti Markets, headquartered here.
Avanti Markets' self-checkout systems allow breakroom customers to serve themselves and pay for food and drinks with cash, credit card or fingerprint scan. Hackers reportedly were able to send malicious code to its payment kiosks that could leave customer payment card details and their biometric data at risk.
Avanti said it discovered the breach on July 4 and published a notice of data breach at its website.
Part of it read: "On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected."
Avanti said it appears the malware was designed to gather certain payment card information including the cardholder's first and last name, credit/debit card number and expiration date.
What's notable about the Avanti breach, according to cyber security experts, is that involved customers' biometric data.