It's been a tough week for exposing customer data, from the personal info of 150 million Under Armour users to financial data for 5 million Saks, Lord & Taylor customers. Even Panera left personal information for millions of users unprotected on its site. Add another couple companies to the list: Today, both Sears Holding Corp and Delta Air Lines admitted that some of their customer payment information may have been exposed. But only because the software service provider that was hosting both corporations' user data suffered a breach themselves.
The tech firm 7.ai, which handles customer data for the aforementioned corporations and Kmart, publicly confirmed the breach yesterday. The incident happened on or following September 27th, 2017 and was resolved by October 12th, but Sears was only informed of the breach in mid-March. The company learned that credit card information for under 100,000 of its customers was exposed.
In a statement, Delta assured that while a 'small subset' of its customers' information may have been available to the hackers, their passport, government ID and security data wasn't compromised. It's unclear whether that includes payment information, or if any data was accessed -- just that it was available to the intruders once 7.ai's systems were breached.