A recent breach of 7.ai, a company that provides online support services to other companies, has exposed customer payment data, and both Sears and Delta Air Lines customers may have been affected.
Both Sears and Delta have separately acknowledged their association in the “data security incident.” Both companies agree the incident ended on Oct. 12, 2017 — Sears marks the start date as Sept. 27, 2017, while Delta claims the incident began on Sept. 26. (7.ai also claims the incident began on Sept. 26, so perhaps something else had an effect on Sears’ payment system that caused a slight delay.)
Sears said the incident “involved unauthorized access to less than 100,000 of our customers’ credit card information,” which leads us to believe the number is likely close to 100,000 credit cards. The incident impacted “certain customers” who made online purchases with Sears during that time.
Kmart is also part of Sears Holdings, and it appears that its customers were also affected by the incident. Sears notes that customers who used a Sears-branded credit card were not affected.
Delta is less specific in its statement when it comes to how many customers may have been impacted, only stating that “even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.” The airline noted that only payment information was affected. Other sensitive information — including traveler data such as passports or flight miles — was not compromised.
More To Come?
Sears will be setting up a website for updates, and a hotline for customers by Friday. Delta will also be setting up a dedicated response website which should launch today. Considering that other companies also use 7.ai for online support, we’re wondering if more corporate announcements on this specific incident will occur in the near future.