Data Breach at Sears and Delta May Have Hit ‘Several Hundred Thousand’ Customers

A data breach at an online customer services vendor may have exposed the credit card information of hundreds of thousands of customers at Delta Air Lines and Sears, the companies said this week.

The customer services company, [24]7.ai, suffered a malware attack last fall, but did not tell Delta or Sears about the issue until recently, according to Sears. The department store chain said it learned of the breach in mid-March, while Delta said it found out about the attack just last week.

The breach lasted from Sept. 26 to Oct. 12, 2017, Delta said in its statement alerting customers to the incident. Hackers may have accessed names, addresses, credit card numbers, CVV numbers and expiration dates for “several hundred thousand” customers during that time, according to the airline.

“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” Delta said. The company added that other information, such as passports, government IDs, security and SkyMiles data, was not accessed.

On the Sears side, the company said “less than 100,000” customers were impacted, and that those using Sears-branded credit cards did not have their information exposed.

Delta created a website offering customers information about the security breach and Sears said it would have a hotline for customer questions by Friday morning.

[24]7.ai said Wednesday it had “contained” the incident and that its technology was now safe. “We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed,” the company said in a news release.

This breach represents the latest in a series of data incidents in recent weeks. Under Armour, Saks Fifth Avenue, Lord & Taylor and Boeing have all recently seen their data breached as well.