Delta Says Data of 'Several Hundred Thousand' Customers Exposed

Share on Facebook Tweet Share Reddit Comment
Delta Says Data of 'Several Hundred Thousand' Customers Exposed
Highlights
  • The malware breach also hit Sears and other companies
  • It may have exposed customers' names, addresses, security codes, etc.
  • Malware led to access to less than 100,000 of customers' card info: Sears

Delta now says that payment-card information for about "several hundred thousand" airline customers may have been exposed by a malware breach last fall that also hit Sears and other companies.

The airline says that the malware attack may have exposed customers' names, addresses, credit card numbers, card security codes and expiration dates.

Delta Air Lines offered the additional details about the attack on Thursday, a day after saying that only a "small subset" of customers was affected.

The Atlanta-based airline said that it wasn't sure whether customers' information was actually compromised by malware that it believes was in software used by (24)7.ai, which provided the airline with online chat services for customers, for about two weeks. The software company said it discovered and fixed the breach in October.

Sears said in a statement that it believes the malware led to "unauthorised access to less than 100,000 of our customers' credit card information."

Sears Holdings Corp., which also operates Kmart stores, said it learned of the problem in mid-March and immediately notified credit-card companies to prevent potential fraud. Both Delta and Sears said they worked with federal law enforcement officials and IT-security experts.

It does not appear that the companies' systems were hacked, said Bill Curtis, chief scientist at CAST, a software-security firm. Rather, the malware targeted customers as they made online purchases using infected software.

Consumers "downloaded something that was watching your screen and waiting for the credit cards to float," Curtis said. "They stole the data as you entered it."

A spokesman for (24)7.ai, which is based in San Jose, California, did not immediately respond to a request for comment.

Curtis said (24)7.ai "has a huge liability here." He said companies that use outside technology providers also must take steps to check the security of the software used by those providers.

A Delta spokesman declined to discuss steps the airline took to ensure the security of the (24)7.ai software. Sears, which is based in Hoffman Estates, Illinois, did not respond immediately to a request for comment.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

LG V30+, G6, Q6, Q6+ Available With Discounts in LG Mobile Days Sale on Amazon India
Nokia 7 Plus Gaming Performance Review
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.