April 5 (UPI) — Delta Air Lines and Sears are the latest major U.S. companies hit by data breaches, officials said Wednesday — and are working to determine how deep the cyberattacks have cut into their customers’ privacy.
The breaches occurred from Sept. 26 to Oct. 12 — through [24]7.ai, the company that provides online chat services for both companies. Both Delta and Sears did not say how many customers may have been affected, but Sears said it was “less than 100,000.”
Delta said it was notified of the breach last week, during which time certain customer payment information for [24]7.ai clients may have been accessed. No other customer personal information, such as passports, government IDs, security or SkyMiles was breached, the carrier said.
The airline contacted federal law enforcement and forensic teams and said the incident was resolved in October.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” Delta’s statement said. “We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously.”
Thursday, Delta was set to launch a dedicated website — delta.com/response — to address customer questions and concerns. The company also will contact customers who may have been impacted by the incident — and if a payment card was used fraudulently, Delta will ensure the customer will not be held responsible for the activity.
Sears said in a statement the incident involved unauthorized access to fewer than 100,000 Sears and Kmart credit cards. Customers using a Sears-branded credit card were not impacted by the breach.
“As soon as [24]7.ai informed us in mid-March 2018, we immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms,” Sears said.
Sears is establishing a hotline for customers, which will be available Friday, and is posting more information on the company’s website as it becomes available.
A statement issued Wednesday by [24]7.ai said the incident was contained Oct. 12 and its platform is secure.
“[24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies and affected clients have been notified. The incident began on Sept. 26 and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”