Breaches Tied to Chat Network Provider

Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor

(@nickster2407) • April 6, 2018

Watch for updates on this developing story.

A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider [24]7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.

In a statement, [24]7.ai disclosed that it had discovered and contained an incident potentially affecting the online customer payment information of a small number of its client companies. The incident began on Sept. 26, 2017, and was discovered and contained on Oct. 12, 2017, the company reports.

Reports From Affected Companies

Sears Holdings, which owns the Sears and Kmart chains, says that the breach involved unauthorized access to the credit card information of fewer than 100,000 of its customers. The retailer says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.

Delta, in a similar statement, noted that certain customer payment information may have been accessed - but no other customer personal information, such as passport, government ID, security or SkyMiles information, was impacted.

Best Buy acknowledged Friday that it too had been hit by the same attack.

Given that the statements issued by affected companies have few specific details, there could be further revelations to come on the scale and scope of the attack.

Other Companies Affected?

A profile of [24]7.ai published in January 2018 highlights that, in addition to the companies that have been cited in the breach, the chat provider also serves Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. American Express and Farmers Insurance have confirmed they weren't affected by the breach, according to CNET.

The website for [24]7.ai, while providing no specifics on client companies, indicates that it provides online chat services across multiple verticals, including financial services, healthcare, retail, telecom, travel and hospitality and education.