Hundreds of thousands of online shoppers of Delta Airlines, Kmart, Sears and Best Buy may have had their personal information stolen in a security breach of [24]7.ai, a provider of customer service chat software.
The business process outsourcing company informed the affected companies in mid-March that it had discovered a hack that potentially affected online customer payment information of a small number of its clients, even if they did not use the chat feature.
In addition to stolen credit card information, hackers may have accessed names and other important personally identifiable information.
In an April 4 press release, [24]7.ai said, “The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”
Sears, Delta and Best Buy announced that their data had been affected in the hack.
In a notice on Delta.com, airline officials told customers of the hack and stated, “Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.”
On its website, Best Buy informed customers, “[24]7.ai has indicated that customer payment information may have been compromised during that time and, if that were the case, then a number of Best Buy customers would have had their payment information compromised, as well.”
The electronics retailer said, like Delta, they have notified law enforcement and in working with [24]7.ai, determined that a small fraction of their overall online customer population could have been affected, whether or not they used the chat function.
Sears Holdings, which includes Sears and Kmart, said in a statement on their website that they “believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information.”
“We immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms,” a Sears official said. “Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.”