BPO firm [24]7.ai says it was breached; Sears and Delta Airlines affected

Business process outsourcing company [24]7.ai said it had discovered a hack that potentially affected online customer payment information of a small number of its clients. Customers such as Sears and Delta Airlines announced that their data had been affected in the hack.

“The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety,” the BPO company said in a statement.

It added that its platform was now secure and that it was working with its clients to determine if any of their customer information was accessed. The BPO was founded by PV Kannan and Shanmugam Nagarajan in the early 2000s.

US retailers Sears Holdings separately announced that its customer data might have been affected in the hack.

“We believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information. As soon as [24]7.ai informed us in mid-March 2018, we immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms,” Sears said in a statement.

The retailer added that its internal systems or store had not been compromised.

Delta Airlines, which uses [24]7.ai for online chat services, said the BPO company notified it about the breach on March 28.

“We will also directly contact customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity,” the airline said.