Watch CBS News

Delta and Sears hit by data breach at outside vendor

Atlanta recovering from ransomware attack
Atlanta in recovery mode after ransomware cyberattack 05:12

A cyberattack on a vendor that supplies online chat services to Delta Air Lines (DAL) potentially exposed payment information involving "several hundred thousand customers," the carrier said Thursday. Sears (SHLD) was also hit by a similar breach at the same contractor.

The breach that affected Delta occurred from Sept. 26 to Oct. 12 at a company called [24]7.ai. It let hackers access customer information including names, address, credit card information, CVV numbers and expiration dates, Delta said in a statement.

The contractor notified customers including Delta of the breach last week and said it had "contained" the incident affecting online customer payment information of its clients.

Delta set up a site offering information on the incident, while Sears said it would have a hotline for customers to call set up by Friday morning. 

On Wednesday, Sears said it was alerted in mid-March by the same vendor of a security breach that occurred last fall. The incident allowed unauthorized access to less than 100,000 of its customers' payment-card information, the retailer said.

Both incidents add to the expanding count of companies announcing cyberattacks in recent days that have exposed information on millions of people. Under Armour (UAA) and Boeing (BA) are among those have revealed breaches.

View CBS News In
CBS News App Open
Chrome Safari Continue
Be the first to know
Get browser notifications for breaking news, live events, and exclusive reporting.