
Breaches Tied to Chat Network Provider

Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor

A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider [24]7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.

In a statement, [24]7.ai disclosed that it had discovered and contained an incident potentially affecting the online customer payment information of a small number of its client companies. The incident began on Sept. 26, 2017, and was discovered and contained on Oct. 12, 2017, the company reports.

Reports From Affected Companies

Sears Holdings, which owns the Sears and Kmart chains, says that the breach involved unauthorized access to the credit card information of fewer than 100,000 of its customers. The retailer says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.

Delta, in a similar statement, noted that certain customer payment information may have been accessed - but no other customer personal information, such as passport, government ID, security or SkyMiles information, was impacted.

Best Buy acknowledged Friday that it too had been hit by the same attack.

Given that the statements issued by affected companies have few specific details, there could be further revelations to come on the scale and scope of the attack.

Other Companies Affected?

A profile of [24]7.ai published in January 2018 highlights that, in addition to the companies that have been cited in the breach, the chat provider also serves Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. American Express and Farmers Insurance have confirmed they weren't affected by the breach, according to CNET.

The website for [24]7.ai, while providing no specifics on client companies, indicates that it provides online chat services across multiple verticals, including financial services, healthcare, retail, telecom, travel and hospitality and education.

A Cautionary Tale

"I view this as a bit of a cautionary tale," says Al Pascual, senior vice president of research at Javelin Strategy & Research.

"There has been significant interest in expanding the role of chat bots. Inevitably that will mean more access to and use of sensitive customer information. These third-party systems, like any others, need to be fortified - especially before they begin to take on that imagined role as a replacement for human customer service associates."


About the Author

Nick Holland

Former Director, Banking and Payments

Holland focused on the intersection of digital banking, payments and security technologies. He has spoken at a variety of conferences and events, including Mobile World Congress, Money2020, Next Bank and SXSW, and has been quoted by The Wall Street Journal, CNN Money, MSNBC, NPR, Forbes, Fortune, BusinessWeek, Time Magazine, The Economist and the Financial Times.



