It has been a rough week for exposing customer information, from the personal data of 150 million users of Under Armour to the financial data for 5 million customers of Saks, Lord & Taylor. Even Panera had personal information of millions of its users left unprotected on the site of the company. Today, adding some other companies to the growing list, both Delta Air Lines and Sears Holding Corp revealed that some of the payment information of their customers might have been exposed. However, they said that it is only because the software service provider that was hosting the user data of both corporations experienced a breach themselves.
Yesterday, 7.ai, the tech firm that handles the customer information for Kmart and the aforementioned corporations, publicly confirmed the said breach. It said that the incident happened on or following the 27th of September, 2017 and was resolved by the 12th of October. However, Sears was only informed of the said breach last month. The company discovered that the credit card information for below 100,000 of its customers was exposed because of the breach.
In a statement, Delta guaranteed that while a ‘small subset’ of the data of its customers may have been accessible to the hackers, their government ID, passport, and security information was not compromised. It is not clear, however, whether that includes payment information, or if any data was accessed by the hacker — just that it was available to the intruders once the systems of 7.ai were breached.