Skip to main content
close search
site logo
Dive Brief

Breaches galore: Malware attack on vendor at heart of Delta, Sears data breaches

Published April 6, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
Adobe Stock

Dive Brief:

  • Delta Airlines and Sears Holding Corp. were among the customers impacted by a malware attack on a software vendor, called [24]7, which provides the companies with online chat services, according to both Delta and Sears. The malware was in [24]7's system in 2017 between September 26 and October 12, potentially compromising credit card numbers used in that time frame. 

  • The companies disclosed data breaches affecting payment information of their customers, reports Fortune. Sears later said the incident impacted less than 100,000 of its customers. Delta believes that the information of "several hundred thousand customers" may have been exposed as a result of the cyberattack. 

  • Delta and Sears were not alone in announcing breaches this week. Saks Fifth Avenue, Saks Off 5th and Lord & Taylor disclosed they were among the retailers under Hudson's Bay's umbrella to have their in-store point-of-sale systems compromised last year. Reports surfaced this week that Panera Bread also suffered a breach, according to KrebsOnSecurity. During an eight month period, 37 million customer records leaked, however the food chain refuted the extent of the breach.

Dive Insight:

From soups to passports to shoes, businesses across industries were victims of this week's latest security breaches.

But the attack on a company's tech vendor says more about the relationship businesses have with their providers than it does about security in general.

It is all too frequent that malware attacks prey on the shortcomings of cybersecurity. Usually cracks are in the foundation, whether it's outdated software or an uneducated workforce, susceptible to phishing schemes.

But if a vendor is hackable, so are its customers. Cybersecurity practices are only as strong as their weakest link and that includes everyone on a company's network. This is the not the first time a business was left dealing with the backlash of a security breach due to a tech provider's problems.

Open AWS S3 buckets have lead to the Department of Defense, World Wrestling Entertainment and Verizon to clean up data leaks. Both the private and public sectors cannot run functional cybersecurity practices in isolation.

Instead, there needs to be constant communication for vendors and their customers to avoid a "software jailhouse" or frictions that develop when one business lets its partners down.

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
Viz.ai Wins Prestigious Prix Galien USA Award for Best Digital Health Solution
From Viz.ai
November 12, 2024
DigiCert Welcomes Lakshmi Hanspal as New Chief Trust Officer
From DigiCert
October 24, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Blackpoint Cyber Launches Global Partner Program and Enablement Platform Emphasizing a Focus o…
From Blackpoint Cyber
October 30, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell