Keeping our personal information and financial data out of the hands of cybercriminals is a daunting task. Even swiping your payment cards at retail locations is risky nowadays. That's because criminals take advantage of companies with insufficient security to rip us off.
When you swipe your card to purchase things, you'd expect the company to have a secure point-of-sale system (POS). Unfortunately, that's not always the case. A massive data breach was recently discovered at one of these POS systems and millions of people could be affected.
Has your banking info fallen into the wrong hands?
What we're talking about is some POS kiosks for Avanti Markets that have been breached. The company sells food and drinks in break rooms at companies in 46 states across the country and has over 1.5 million customers.
The company is warning customers that it discovered a "sophisticated malware attack" targeting its payment kiosks. The malware was active from July 2 through July 4, 2017. Anyone who purchased items at one of its kiosks during that time-frame is at risk of having their data stolen.
Stolen data includes:
- credit or debit card information
- email addresses
The company has notified law enforcement and the FBI of the data breach. The credit card function has been deactivated on affected kiosks while the malware is being removed.
Even though Avanti believes the malware was only active for a couple of days in July, it's possible that it could have been active for much longer. If you have ever bought items from an Avanti kiosk, continue reading to find out what you need to do next. Don't forget to pass this story along to friends and family, they could have Avanti Markets at their workplace.
What you need to do after a data breach
- Keep an eye on your bank accounts - You should already be frequently checking your bank statements, looking for suspicious activity. It's even more critical when credit card data has been exposed through a data breach. If you see anything that seems strange, report it immediately.
- Set up two-factor authentication - Two-factor authentication, also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. It's like the DMV or bank asking for two forms of ID. Click here to learn how to set up two-factor authentication.
- Investigate your email address - Have I Been Pwned is an easy-to-use site with a database of information that hackers and malicious programs have released publicly. It monitors hacker sites and collects new data every five to 10 minutes about the latest hacks and exposures.
- Change your password - Whenever you hear news of a data breach, it's a good idea to change your account passwords. Read this article to help you create hack-proof passwords.
- Close unused accounts - Here's an easy way to manage all of your online accounts at once.
- Beware of phishing scams - Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from the affected company, hoping to get victims to click on malicious links that will lead to more problems. Take our phishing IQ test to see if you can spot a fake email.
- Manage passwords - Many people use the same username and password on multiple sites. Bad idea. If you're using the same credentials on multiple sites, change them to make them unique. If you have too many accounts to remember, you could always use a password manager.