Keeping customer information safe from hackers and threat actors is a tall order for companies nowadays. Their data is always under attack from cybercriminals waiting for that right software hole to exploit, hoping for one big payday.
But it's not just the companies themselves who need to shore up their data security. The corporate world is filled with partnerships, connections, networks, and vendors that handle sensitive personal data as well. Just last month, a Walmart partner exposed the data of 1.3 million customers. Yikes!
This time around, however, customer information from not just one, but two major companies have been breached due to a third-party software partner malware attack. Read on and see if you're affected.
Software partner breach led to data theft
On Thursday, Sears Holding Corp. and Delta Air Lines Inc. revealed that the payment information of hundreds of thousands of their online customers may have been exposed. Who's the culprit?
Well, apparently a software service provider called 7 suffered a malware attack on or after Sept. 26, 2017, and hackers got away with the credit card numbers, CVV numbers, expiration dates, names, and addresses of around 100,000 customers (and potentially hundreds of thousands more). The incident was resolved two weeks later, on October 12, 2017.
7 provides online chat and support services for a number of companies like Delta, Sears, and Kmart. In an official statement, 7 said that it has notified Sears in mid-March of this year and the incident is already being investigated.
It's still unclear why 7 decided to wait for more than five months before informing the affected companies about the data breach.
It's a grim reminder but this incident just illustrates how businesses should be careful about choosing which partners and vendors to use. No matter how secure their own websites are, smaller third-party partners can be the weakest link that hackers can pounce on to steal customer information.
Sears said that customers using Sears credit cards are not impacted nor is there evidence that its stores and internal systems were compromised and accessed.
The retailer also said that the affected credit card companies have been notified and has contacted law enforcement authorities to investigate the incident. The company stated that fewer than 100,000 Sears customers may have been impacted.
Delta Air Lines
For its part, Delta Air Lines said that while a number of its customers may have been exposed, it can't say for certain that the information was accessed and compromised. However, hundreds of thousands of Delta customers may have been potentially exposed.
The airline company also said that personal details related to passport, government identification, security and frequent flier information were not impacted.
How will you know if you're impacted? Delta said that affected customers will be contacted via first-class postal mail. Delta is also launching a dedicated support telephone line, a website and free credit monitoring for the victims.
There's no word yet if Kmart customers or other companies aside from Delta and Sears are affected by the 7 breach.
What to do after a data breach?
Whenever a big data breach like this occurs, there are standard security steps that we should all take.
First, you should already be frequently checking your bank statements, looking for suspicious activity. If you see anything that seems strange, report it immediately to your bank. It's the best way to keep your financial accounts safe.
Scammers will try and piggyback on data breaches like this. Beware of phishing scams that pretend to be from Sears, Delta Air Lines, Kmart or 7.
It's also a good time to audit your online accounts and passwords. This is especially true if you use the same credentials for multiple websites.
Lastly, if you think you are already compromised, put a credit freeze on your accounts as soon as you can.
If you ate here you may be one of 37 million whose data was leaked
This incident is not the only big data leak this week. It appears that a large restaurant chain may have revealed the information of millions of customers. Click here for the details.