Security researchers raised their concerns as a malware attack resulted in a massive data breach that lasted about half a month. It is estimated that this cyber-attack may have leaked the credit card details and information of a large customer base availing the services of Delta Airlines and Sears Holdings.
The common link between the different platforms turned out to be 7.ai, an organization providing online chatting services, amongst others. The hackers compromised with the chat services offered by 7.ai and collected the payment details from the customers.
According to the sources in 7.ai, the attack commenced on 26 September 2017 and kept exploiting this security lapse until October 12. However, the company refused to divulge more information related to the nature of the attack. The official statement only confirms the malware attack. Furthermore, the firm declared that their systems are back in operation and have more robust safety features. But the damage has already been done as the credit card information of multiple users has already been leaked amongst malicious circles.
One of the targeted websites, Sears declared that they were alerted of this security breach in the middle of the month of March. It is speculated that the credit card information of over 10,000 customers has been collected through the medium. Fortunately, those making use of a Sears credit card have been spared from this attack. The company will notify the customers who have been impacted and shall keep them up to date with the developments, if any, through their corporate websites.
On the other hand, Delta Airlines did not reveal any digits denoting the number of the affected customers. However, they did confirm that a small subset of their entire customer base has been impacted. Assuaging all the fears, Delta said that apart from the payment information, no other sensitive information like SSN, passport details, Government ID details, have filtered out to the third party hackers. They have floated a dedicated helpline website for customers where they can have their doubts, concerns, and queries. The company will also be directly getting in touch with the customers who have been affected by this attack.
Cybersecurity researchers and analysts were not entirely surprised by this attack due to the previous occurrence of a similar happening in 2013 when Target stores experienced the same security breach. Therefore, analysts are pushing for a reliable vetting process through which third-party risks can be monitored in a real-time environment. Commenting on the breach, Fred Kneip, the CEO of CyberGRX pointed out that irrespective of the targeted customers or field of businesses, most organizations make use of common digital ecosystems. Thus, if one section is compromised, others can be equally affected no matter what services are offered by the company. Moreover, companies cannot give complete access and control to such service providers, therefore, they are at a disadvantage. This grey area makes service providers susceptible to attacks, making them a liability.
These kinds of attacks can be controlled in future with the help of latest and updated antivirus software installed on our computer systems. Some of the most advanced antiviruses like McAfee (www.mcafee.com/activate); Norton (Norton.com/setup); Avast (Avast.com) and AVG (www.avg.com/retail) can be easily installed and activated online and can be proved as a security guard for our PCs.