Not even your break room snacks are safe from cybercrime.
Avanti Markets, a Washington-based company that sells food and beverages to company break rooms, has notified customers of a data breach involving personal and payment information.
Avanti operates in 46 states and has a customer base of 1.6 million.
The company discovered a "sophisticated malware attack" that spread throughout its kiosks on July 4, 2017. However, not all payment kiosks were affected, as certain machines are configured differently.
Avanti's investigation has not yet revealed who is behind these attacks, or how widespread. Currently, forensics have shown the malware only propagating two days prior to their discovery of the attack.
Even though Avanti kiosks contain fingerprint scanners, the company is happy to report that, "we are now able to confirm all kiosk fingerprint readers supplied by Avanti include end-to-end encryption on such biometric data and as such this biometric data would not be subject to this incident as it is encrypted."
The company has since changed passwords on devices, notified law enforcement, shut down certain payment kiosks, and is providing free credit monitoring services to affected customers.
"We treat all personal information in a confidential manner and are proactive in the careful handling of such information. We continue to assess and modify our privacy and data security policies and procedures to prevent similar situations from occurring. For instance, we are in the middle of implementing an end to end encryption solution for all of our kiosks, and are working on expediting that implementation. Theft of data and similar incidents are difficult to prevent in all instances, however, we will be reviewing our systems and making improvements where we can to minimize the chances of this happening again," a statement from the company says.
