Breaches Tied to Chat Network Provider
Delta, Sears, Kmart and Best Buy Breaches All Stem From Hack of Same Vendor
A spate of payment card breaches at some of the most recognized U.S. brands has been blamed on the hacking of India-based chat network provider [24]7.ai that led to the infiltration of online chat portals for Delta, Sears, Best Buy, Kmart and perhaps others.
In a statement, [24]7.ai disclosed that it had discovered and contained an incident potentially affecting the online customer payment information of a small number of its client companies. The incident began on Sept. 26, 2017, and was discovered and contained on Oct. 12, 2017, the company reports.
Reports From Affected Companies
Sears Holdings, which owns the Sears and Kmart chains, says that the breach involved unauthorized access to the credit card information of less than 100,000 of its customers. The retailer says there was no evidence that stores were compromised or that any internal Sears systems were inappropriately accessed.
Delta, in a similar statement, noted that certain customer payment information may have been accessed - but no other customer personal information, such as passport, government ID, security or SkyMiles information, was impacted.
Best Buy acknowledged Friday that it too had been hit by the same attack.
Given that the statements issued by affected companies have few specific details, there could be further revelations to come on the scale and scope of the attack.
Other Companies Affected?
A profile of [24]7.ai published in January 2018 highlights that, in addition to the companies that have been cited in the breach, the chat provider also serves Hilton, AT&T, Citi, American Express, eBay and Farmers Insurance. American Express and Farmers Insurance have confirmed they weren't affected by the breach, according to CNET.
The website for [24]7.ai, while providing no specifics on client companies, indicates that it provides online chat services across multiple verticals, including financial services, healthcare, retail, telecom, travel and hospitality and education.
A Cautionary Tale
"I view this as a bit of a cautionary tale," says Al Pascual, senior vice president of research at Javelin Strategy & Research.
"There has been significant interest in expanding the role of chat bots. Inevitably that will mean more access to and use of sensitive customer information. These third-party systems, like any others, need to be fortified - especially before they begin to take on that imagined role as a replacement for human customer service associates."