Another day, another data breach. This time, Sears and Delta airlines are the latest targets. Malware is being blamed this time.
April seems to continue to be a rather busy month. Last week, we reported on the Saks and Lord & Taylor breach which saw 5 million payment cards be compromised. Shortly after that, Panerabread saw a leak on their website network where up to 37 million customers had their personal information compromised.
It seems that another data breach hit another couple of companies. This includes Delta Airlines and Sears. According to Gizmodo, malware is being blamed for this breach. From the report:
The breach originated at a software vendor called 7, which provides Sears, Delta, and other businesses with online chat services. Less than 100,000 Sears customers were supposedly impacted, according to Sears. A Delta spokesperson said hundreds of thousands of travelers are potentially exposed.
Gizmodo has learned the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers’ names and addresses.
In a statement, 7 said the breach occurred on September 27th of last year and was contained roughly two weeks later. In a statement, Sears said it was first notified about the breach in mid-March. Credit card companies have been notified, and law enforcement is likewise investigating the incident.
“Customers using a Sears-branded credit card were not impacted,” Sears said. “In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible.”
Delta said it would be contacting customers directly by first-class postal mail and launching a dedicated phone line and website for those affected. Free credit monitoring will be offered.
It’s unclear exactly how many customers are impacted by this, but the term being floated around is “hundreds of thousands”. One thing is for sure, April is already shaping up to be one busy month in the area of data leaks and breaches.