Third-party breach exposed credit card details on Sears, Delta Air Lines customers

In the latest in a string of high-profile cyber incidents, hackers breached a third-party company to gain access to credit card information belonging to customers of Sears and Delta Air Lines. 

Sears said that the breach affected less than 100,000 of its customers and that hackers likely accessed credit card information belonging to customers who made online purchases at Sears and Kmart stores between late September and October of last year. 

{mosads}Separately, Delta in a statement said that payment information on a “small subset” of its customers may have been improperly accessed in the same time frame, though the company did not provide an estimate of the number impacted. Delta also emphasized that it “cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.”

The breach originated at an online support services company called [24]7.ai, which said late Wednesday that the data security incident impacted online customer information of “a small number” of its client companies. The breach occurred between Sept. 16 and Oct. 12, at which point it was “discovered and contained,” the company said.

Sears said that it was notified of the breach by [24]7.ai in mid-March, and immediately notified credit card companies to mitigate potential fraud. 

“We believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised. Customers using a Sears-branded credit card were not impacted,” Sears said in a statement. “In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible.” 

All three companies said they have been working with law enforcement to investigate the incident.

“We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety,” said [24]7.ai. “We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”

Earlier this week, it was revealed that hackers stole credit card information on as many as 5 million customers of major department stores Saks and Lord & Taylor.