Delta Air Lines' payment-card information for about "several hundred thousand" airline customers may have been exposed by a malware breach last fall that also hit Sears and other companies. The airline says that the malware attack may have exposed customers' names, addresses, credit card numbers, card security codes, and expiration dates. Delta offered the additional details about the attack on Thursday, a day after saying that only a "small subset" of customers was affected, the AP reports. The airline said that it wasn't sure whether customers' information was actually compromised by malware that it believes was in software used by (24)7.ai, which provided the airline with online chat services for customers.
The software company says it discovered and fixed the breach in October. Sears said in a statement that it believes the malware led to "unauthorized access to less than 100,000 of our customers' credit card information." Sears Holdings Corp., which also operates Kmart stores, said it learned of the problem in mid-March and immediately notified credit-card companies to prevent potential fraud. Both Delta and Sears said they worked with federal law enforcement officials and IT-security experts. Bill Curtis, chief scientist at CAST, a software-security firm, says it appears the malware targeted customers as they made online purchases using infected software. Customers "downloaded something that was watching your screen and waiting for the credit cards to float," Curtis says. "They stole the data as you entered it."
(Read more Delta Air Lines