Delta and Sears hit by data breach at outside vendor

(CBS NEWS) -- A cyberattack on a vendor that supplies online chat services to Delta Air Lines (DAL) potentially exposed payment information involving "several hundred thousand customers," the carrier said Thursday. Sears (SHLD) was also hit by a similar breach at the same contractor.

The breach that affected Delta occurred from Sept. 26 to Oct. 12 at a company called [24]7.ai. It let hackers access customer information including names, address, credit card information, CVV numbers and expiration dates, Delta said in a statement.

The contractor notified customers including Delta of the breach last week and saidit had "contained" the incident affecting online customer payment information of its clients.

Delta set up a site offering information on the incident, while Sears said it would have a hotline for customers to call set up by Friday morning. 

On Wednesday, Sears said it was alerted in mid-March by the same vendor of a security breach that occurred last fall. The incident allowed unauthorized access to less than 100,000 of its customers' payment-card information, the retailer said.

Both incidents add to the expanding count of companies announcing cyberattacks in recent days that have exposed information on millions of people. Under Armour(UAA) and Boeing (BA) are among those have revealed breaches.

Share this article: