Sears affected by malware that exposed Delta payment info
Delta now says that payment- card information for “several hundred thousand” airline customers may have been exposed by a malware breach last fall that also hit Sears and other companies.
The airline says that the malware attack may have exposed customers’ names, addresses, credit card numbers, card security codes and expiration dates.
Delta Air Lines Inc. offered the additional details about the attack on Thursday, a day after saying that only a “small subset” of customers was affected.
The airline said that it wasn’t sure whether customers’ information was actually compromised by malware that it believes was in software used by ( 24) 7. ai, which provided the airline with online chat services for customers, for about two weeks. The software company said it discovered and fixed the breach in October.
Hoffman Estates- based Sears said in a statement that it believes the malware led to “unauthorized access to less than 100,000 of our customers’ credit card information.”
Sears Holdings Corp., which also operates Kmart stores, said it learned of the problem in mid- March and immediately notified credit- card companies to prevent potential fraud. Both Delta and Sears said they worked with federal law enforcement officials and IT- security experts.
It does not appear the companies’ systems were hacked, said Bill Curtis, chief scientist at CAST, a software- security firm. Rather, the malware targeted customers as they made purchases using infected software.
Consumers “downloaded something that was watching your screen and waiting for the credit cards to float,” Curtis said. “They stole the data as you entered it.”