Delta Airlines and the department store chain Sears said on Wednesday that some of their customer payment information may have been exposed in a cybersecurity breach at software service provider [ 24]7.ai, according to Reuters. The department store chain said it was notified of the breach in mid-March that led to unauthorized access to the credit card information of fewer than 100,000 customers. The technology firm providing online support services for Delta Airlines, Sears and Kmart among other companies, [ 24]7.ai, discovered that a cybersecurity incident affected online customer payment information of its clients.
The technology firm said the incident happened on or after Sept. 26, 2017, last year and was found and resolved on Oct. 12. According to Security Intelligence, “From a cybersecurity perspective, 2017 will go down as a record year for data breaches.” IBM Security said in a tweet “22 [percent] of all the data breaches tracked by the ITRC since 2005 occurred last year. If 2017 was the year of the breach what does that mean for 2018?”
Delta believes details related to passport, government identification, security and SkyMiles information were not impacted. The U.S. carrier said while a small fraction of customers would have had their information exposed, it cannot be said with certainty if their information was accessed and compromised, Delta said. Sears said its stores were not compromised and their internal systems were not accessed in the breach. There was no impact on the information of customers using a Sears-branded credit card, Reuters reports. Sears said federal law enforcement authorities, banks, and IT security firms are investigating the breach.
The Verge said Sears will start a hotline for customer inquiries concerning the breach by Friday morning. Delta launched delta.com/response, a site for customer concerns on Thursday, according to The Verge. Delta said, “We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously.”
Gizmodo said the breach was the result of a malware attack and the unauthorized access involved payment card numbers, CVV numbers and expiration dates, in addition to customers’ names and addresses. Gizmodo reports that Delta would be contacting customers directly by first-class postal mail, in addition to offering free credit monitoring. The nature of the malware involved in the breach has not been disclosed and it is unclear if the payment card information entered by customers themselves was intercepted in transit or was improperly stored, Gizmodo reports.