Sears and Delta Data Breach Affected Up to 100, 000 Customers Worldwide

Cyber criminals never miss an opportunity to steal sensitive data. They usually affect various companies directly, but, as the incident that involved Sears Holding Corp (SHLD.O) and Delta Air Lines Inc. (DAL.N) shows, hackers can cause harm to companies indirectly either. In the case of Sears and Delta, cyber criminals affected a third-party service [24]7.ai that provides online support services for both companies in order to obtain information about customers first. Unauthorized access to [24]7.ai servers took place between the 26th of September and the 12th of October last year. Even though the incident occurred in 2017, Sears was informed about the breach only in the middle of March, 2018. The official report was released on the 4th of April, 2018. As for Delta, it seems that it found out about the possible data leakage quite recently too because the official statement on this “cyber incident” was released on the 7th of April, 2018. It should be noted that these two companies are not the only ones that were affected. [24]7.ai refused to name them due to “client confidentiality,” so it is still unclear how many instances of this data breach in total occurred.

1

It did not take long for cybersecurity specialists working at [24]7.ai to suppress the data breach, but some Sears Holding Corp customers were still affected. Luckily, the amount of victims is not that huge: “We believe this incident involved unauthorized access to less than 100, 000 of our customers’ credit card information.” Sears immediately informed credit card companies in order to prevent the potential fraud after having been informed about the incident. Also, they confirmed that “Sears-branded credit card were not impacted” in their report. Of course, customers should still check their credit cards, specialists say. If they can locate payments they cannot recognize, they should contact their credit card issuers immediately, specialists say.

As for Delta Air Lines, which also used the [24]7.ai online customer support service, it seems that it was not affected as severely as Sears. It confirmed that certain customer payment information could have ended up in the cyber criminals’ lap, but the company confirmed that other personal information belonging to customers was not accessed by hackers: “no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.” Also, Delta offers free protection services for users who believe they could be impacted at https://delta.allclearid.com. Delta said that “a small subset of its customers would have had their information exposed,” but the company cannot tell with certainty that this information “was accessed and compromised.”

2

It is not very likely that hackers will ever stop looking for a way to steal sensitive information. Therefore, if you use services online, e.g. shop at online stores and use your credit card information, you will not find a 100% working method to protect yourself from a data breach. In other words, if you enter your personal information online and use your credit card to pay at online stores, there is a risk to experience money loss or identity theft. Because of this, it is highly advisable to check all payments made with the credit card every month. If money transactions that cannot be recognized can be found, contact your credit card issuer as soon as possible. You may need to block the card you use. Last but not least, it is advisable to set up email alerts so that you could receive emails every time a payment is made with your credit card.

References:

  1. Blumenthal, E. Data breach at service provider hits thousands of Sears, Delta customers. USA Today
  2. Delta Staff. Statement on [24]7.ai cyber incident. Delta News Hub
  3. Free Stock Photos. Pexels
  4. Mathews, L. Hacked Chat Service Exposes Data From Best Buy, Sears, Kmart and Delta. Forbes
  5. Reuters Staff. Sears Holding, Delta Air hit by customer data breach at tech firm. Reuters
  6. SHC staff. Statement on Data Security Incident. Sears Holdings Blog