Data breach affected 100,000 Sears and Delta customers

Sears Holding Corp and Delta Air Lines Inc data breach: credit card details leaked

Approximately 100, 000 credit card details of Sears Holding Corp (SHLD.O)^[1] and Delta Air Lines (DAL.N)^[2] customers' have been leaked, following a data breach at a [24]7.ai. The company serving 24/7 customer support for both Sears and Delta Air Lines revealed access of unauthorized parties to its servers between September 26 and October 12 last year.

According to the [24]7.ai service provider, the breach has happened on September 26, 2017, and has been revealed a couple of weeks after, i.e., on October 12. Although cybersecurity experts resolved the vulnerability and suppressed data leakage, it has been estimated that criminals managed to extort credit card details of 100,000 Sears customers. Delta says that only a “small subset” of its customers had been affected.

Hackers targeted credit card details of Sears' customers

Sears has been informed about the breach in the middle of March 2018. The analysis of the incident revealed that criminals targeted credit card details. Based on the initial reports, almost 100, 000 of its customers have been affected.^[3]

Customers using a Sears-branded credit card were not impacted. Also, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.

The company reassured that stores hosted by Sears were not affected. Not the company's system, but the [24]7.ai server compromised, thus exposing credit card details to criminals. Upon the news about the shocking data breach, the company urges customers who were shopping online between September 27, 2017, and October 12, 2017, to check their credit cards and change passwords. In case of any irregular payments, it's a must to contact the manufacturer of your credit card as you might need to suspend it.

Delta claims no personal details were leaked

Delta Air Lines, one of the companies relying on [24]7.ai online chat services, has also been involved in the [24]7.ai's “cyber incident.” However, unlike Sears, Delta does not seem to be severely affected.^[4]

Notified about a hack last week, Delta made the issue public only yesterday. It claims that only a “small subset” of its customers have been affected and reassured that information related to passport, security and frequent-flyer information had not been exposed. Besides, it released an official report on what steps have been taken to fix the breach:

Upon being notified of [24]7.ai's incident, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was accessed or subsequently compromised.

How to protect yourself from data breaches like this?

As long as companies leave ways for unauthorized parties to exploit server's vulnerabilities and access personal information of the customers, there will be no hundred percent protection from the data breach.^[5]

If you are actively using services online which require credit card details and other personal information, there's always a risk to experience identity theft or money loss.

Thus, it's important to monitor your credit card and debit card statements every month and react to each unusual transaction. In case of a single dollar being sent without your permission, contact bank or credit card company asap.