Malware Attack on Vendor To Blame for Delta and Sears Data Breach Affecting 'Hundreds of Thousands' of Customers

Delta Air Lines and Sears Holding on Thursday disclosed a data breach that may have exposed the payment card details of hundreds of thousands of online customers. From a report: The breach originated at a software vendor called [24]7, which provides Sears, Delta, and other businesses with online chat services. Less than 100,000 Sears customers were supposedly impacted, according to Sears. A Delta spokesperson said hundreds of thousands of travelers are potentially exposed. Gizmodo has learned the breach was the result of a malware attack, and that the unauthorized access involved payment card numbers, CVV numbers, and expiration dates, in addition to customers' names and addresses.

In a statement, [24]7 said the breach occurred on September 27th of last year and was contained roughly two weeks later. In a statement, Sears said it was first notified about the breach in mid-March. Credit card companies have been notified, and law enforcement is likewise investigating the incident. "Customers using a Sears-branded credit card were not impacted," Sears said. "In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible."

Re:plain english

Why did it take 5 months to disclose? As a simple hypothesis, I would suggest its because disclosure in November may have had an impact on Deltas ability to generate anticipated levels of revenue in December, a major holiday travel season.

It was discovered by [24]7 in the fall and according to the article, they sat on the information, not Delta/Sears.

In a statement, Sears said it was first notified about the breach in mid-March.