Delta and Sears said today that a data breach may have leaked the credit card information of hundreds of thousands of customers, as first reported by Reuters. The breach occurred at an online support service company, 7, which powers both Delta and Sears’ online chat platforms.
Last year, 7 suffered a malware attack from September 27th to October 12th, but the company only informed Sears and Delta in mid-March this year about the breach, according to Sears. Delta said in a statement that “it is our understanding” the incident occurred from September 26th last year, and 7 also stated the incident began on the 26th. Customers who made online purchases from Sears and Delta during that time period could have had their credit card information compromised.
Sears estimated “less than 100,000 of our customers’ credit card information” was impacted, and that Sears-branded credit cards had not been affected by the breach. It also said that there was no evidence that internal Sears systems had been accessed by hackers. Delta said: “At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.” It noted that passports and government IDs were not accessed.
Currently, federal law enforcement authorities, banks, and IT security firms are investigating the breach, said Sears. Sears will start a hotline for customer inquiries by Friday morning and Delta has opened up delta.com/response, a site for customer concerns. 7 said in a press release: “We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”
This past week, Saks Fifth Avenue and Lord & Taylor announced they had been hit by a data breach that compromised five million credit and debit card numbers recorded by in-store transactions.
Update April 5th, 4:10PM ET: This article has been updated with a statement from 7.