In a recently filed breach notice, Avanti Markets has notified its customers that they had noticed a breach in their internal networks on July 4th 2017.
What Happened?
On July 4, 2017, we discovered a sophisticated malware attack which affected kiosks at some Avanti Markets. Based on our investigation thus far, and although we have not yet confirmed the root cause of the intrusion, it appears the attackers utilized the malware to gain unauthorized access to customer personal information from some kiosks. Because not all of our kiosks are configured or used the same way, personal information on some kiosks may have been adversely affected, while other kiosks may not have been affected.
What Information Was Involved?
At this point, it appears the malware was designed to gather certain payment card information including the cardholder’s first and last name, credit/debit card number and expiration date. In addition, users of the Market Card option may have had their names and email addresses compromised, as well as their biometric information if they used the kiosk’s biometric verification functionality.
What We Are Doing?
We have been working nonstop to address this incident, including taking the following steps.
- Immediately upon discovering that we were a victim of a malware attack, we commenced an investigation to determine the scope of this incident and attempt to identify those affected.
- We worked with our assembled internal response team and took steps to secure our information systems, including changing passwords and other related measures.
- We retained a nationally-recognized forensic investigation firm and outside legal counsel to assist.
- We are notifying the Federal Bureau of Investigation (“FBI”) and other law enforcement agencies.
- We have shut down payment processing at some locations and are working with our operators to purge impacted systems of any malware from the attack and take steps to substantially minimize the risk of a data compromise in the future.
- We are developing a set of comprehensive FAQs to assist affected persons with gathering additional information about the incident and additional steps they can take to protect their personal information and identity. We plan to update these FAQs when we discover further information about the nature and scope of the attack.
- We are working to make available credit monitoring services at no cost to those individuals whose personal information has been compromised, and will be providing information shortly about the services and enrollment.
- We are working on setting up a call center that will be available to answer at questions you might have about the incident.
- We treat all personal information in a confidential manner and are proactive in the careful handling of such information. We continue to assess and modify our privacy and data security policies and procedures to prevent similar situations from occurring. For instance, we are in the middle of implementing an end to end encryption solution for all of our kiosks, and are working on expediting that implementation. Theft of data and similar incidents are difficult to prevent in all instances, however, we will be reviewing our systems and making improvements where we can to minimize the chances of this happening again.
The breach notice has information what customers and their customers can do to monitor credit, including information on the leading credit bureaus.
Contact Details for Avanti Markets can be found in the notice also:
For More Information.
If you have questions or concerns you may contact us securityincidentinfo@AvantiMarkets.com. Again, we apologize for this situation and any inconvenience it may cause you.
Sincerely,
John ReillyPresident
Avanti Markets