Breach Brief – Best Buy, Delta, Sears, K-Mart

Published On April 9, 2018 | By Tom Huskerson | Breach Briefs

Delta Airlines, Sears, Kmart and Best Buy and others have all been hit with a data breach that is connected with  Indian Company [24]7.ai. According to a statement from the company, it “discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified.”  The incident took place Sept. 26 and was finally shut down on Oct. 12, 2017. The company has notified notified law enforcement.

[24]7.ai claims the breach affected a small number of clients but, in reality, that small number contains some the biggest, most well known, companies in the U.S. and the world.

[24]7.ai is a third party vendor that provides online and mobile chat services. According to CNET in addition to the above mentioned companies other big name companies potentially impacted by the breach include Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. Both American Express and Farmers Insurance have confirmed they were unaffected by the breach.

According to Sears, owners of K-Mart, unauthorized access to customer payment information was limited to less than 100,000 of its customer’s credit card information. Sears says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.

Delta airlines, among the worlds largest, reported that certain customer payment information may have been accessed but denied other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”  But Delta also stated that it can’t confirm if customer data was actually compromised. Delta is continuing its investigation and has launched a dedicated website to provide the latest developments to customers.

Delta stated that software used by [24]7.ai may have exposed the payment information of as many as several hundred thousand customers using Delta’s PC-accessed website. The company is especially concerned because customers didn’t have to interact with the chat tool to be hit by the hack.

According to Delta customer information compromised includes names, addresses, payment card numbers, CVV numbers, and expiration dates. Customers using the Delta’s Wallet service are considered safe as the malware could only grab information entered on the screen. Delta Wallet “masks” this sensitive information.

Electronic retailers Best Buy also acknowledged  it was hit by the same data breach related to [24]7.ai. In a blog post Best Buy said that [24]7.ai  had informed the company that an “illegal intrusion” had occurred between September 27 and October 12, 2017. Best Buy says it will inform affected customers directly and they will not be liable for fraudulent charges. It will also offer free credit monitoring.

 

 

Like this Article? Share it!

About The Author

Tom Huskerson Bio Born in Richmond Virginia Tom Huskerson is a military veteran who settled in California after his discharge. He attended Santa Barbara City College where he began his writing career as a campus reporter. He worked as an intern news reporter for the Santa Barbara News-Press writing feature stories before moving on to San Francisco. At San Francisco State University Tom studied broadcast communications and began to focus on the Internet. He completed his graduate thesis on Internet advertising. Tom was the first student to ever focus on the Internet as a graduate student at San Francisco State University. After graduation he went to work for Zona Research in California’s Silicone Valley. As a research associate Tom supported senior analyst writing on the latest developments in the Internet industry. During the dot com boom Tom worked for several web businesses as a market researcher and analyst. As a writer and researcher Tom has authored various technical works including a training program for Charles Schwab security. Other projects included professional presentations on workplace violence and hiring security contractors. Tom has returned to focus on writing both fiction and non-fiction works and blogging for a travel website. He has published two books of short stories and completed two novels. Tom is the owner of Scribe of Life Literature and EbonyCandle. Most recently Tom has launched the blog African American Cyber Report. The blog is the result of his desire to inform the African American community of the dangers and benefits of the cyber age. In his blog Tom reports on information security, new and analysis, scams and hoaxes, legal happenings and various topics that arise from the age of information. Tom believes that technology is a necessary tool for black people and they should know what is happening. Tom writes believing that techno speak is for the professional and that valuable information can be communicated using plain language. As a result he has embraced the motto, Less Tech, More Knowledge.

Leave a Reply

Your email address will not be published. Required fields are marked *