Overnight, news broke that Delta Airlines, Sears, Kmart and more were affected by a data breach at software service provider [24]7.ai. Despite the incident starting on Sept. 26, 2017 and being resolved by Oct. 12, Sears has said it was only notified of the incident a few weeks ago.
The incident led to unauthorised access to the credit card information of under 100,000 of its customers. Delta Airlines is currently uncertain if its information was accessed and compromised. Luke Brown, VP EMEA at WinMagic commented below.
Luke Brown, VP EMEA at WinMagic:
“Fortunately, the impact on Sears and Delta Air customers of this particular data breach appears to be minimal. But any company that allows unauthorised access to its customers’ credit card data has some pretty serious security challenges. We don’t know the details of this particular incident, but one thing is clear – the data accessed by these hackers can’t have been encrypted. If was, they couldn’t have read it. In the movies, they say something is encrypted and somebody can hack it in 5 minutes. That is not true. If something is encrypted with a strong password, nobody is going to unlock it. Companies can implement all the security bells and whistles they want to protect their perimeter, but if they leave the crown jewels – i.e. data – unprotected, they’re leaving themselves wide open for a breach.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.