Delta, Sears warn of breach
Hundreds of thousands of accounts may have been exposed through an online chat service.
The airline and retail giant announce that customers’ payment information may have been compromised.
Delta Air Lines, one of the world’s largest carriers, and retail giant Sears announced that payment information belonging to hundreds of thousands of their customers may have been compromised through an online chat service.
The service, operated by San Jose tech company [24]7.ai, was compromised between Sept. 26 and Oct. 12, and information from customers of Delta, Sears and other corporate clients may have been accessed, according to statements by the companies.
The chat service appears on Delta.com websites and allows passengers to type in questions and make reservations with replies provided by an automated system. At the airline, the information may have been breached when passengers manually entered data to make a payment transaction, according to representatives for the carrier.
“In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity,” Delta said in a statement to passengers.
It said malware “potentially exposed several hundred thousand customers.”
Sears issued a statement saying: “We believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information.”
Delta said that no passport, government ID, security or SkyMiles information was affected and that federal law enforcement officials were notified.
The chat-services provider said a statement: “We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”
Computer glitches have been a problem in the airline industry in the last few years, some so severe that they have forced carriers to ground their planes or refrain from accepting reservations.
In 2015, United Airlines requested a ground stop for all U.S. departures for nearly 90 minutes, blaming the problem on a failed computer network router that disrupted its reservation system.
That year, United and American Airlines both announced that hackers had booked themselves free trips and upgrades by accessing the two airlines’ loyalty reward programs.
Japan Airlines reported in 2014 that the personal information of as many as 750,000 members of its loyalty rewards program may have been stolen by hackers.