Cyber Incident Victim: [24]7.ai
Date: Sep 2017
Location: United States of America
Summary
A cybersecurity breach at customer service provider [24]7.ai compromised payment card data for clients including Sears, Kmart, and Delta Airlines. The incident affected approximately 100,000 Sears and Kmart customers' credit card details, while Delta reported a limited number of impacted customers but confirmed passport and loyalty program data remained secure. The intrusion occurred over several weeks before detection, with delayed notifications leaving clients unaware for months. Unlike typical point-of-sale attacks, this breach originated through vulnerabilities in the third-party vendor's systems, highlighting supply chain risks. The provider's platform supports automated interactions for major brands handling hundreds of millions of annual customer engagements, amplifying potential exposure despite limited confirmed impact scope.
Description
The cybersecurity incident involving [24]7.ai, a provider of AI-driven online customer support services, began on September 26, 2017, when unauthorized actors gained access to the company's platform. The breach persisted undetected until October 12, 2017, when [24]7.ai discovered the intrusion. The compromise affected customer payment information processed through the platform during this 16-day period. Third-party clients relying on [24]7.ai's services, including Sears, its subsidiary Kmart, and Delta Airlines, experienced downstream impacts, though notification delays occurred. Sears stated it was not informed of the breach until mid-March 2018, while Delta received notification on March 28, 2018, approximately five to six months after the incident's discovery.

Sears disclosed that approximately 100,000 customers across its Sears and Kmart brands had payment card information exposed. Delta characterized affected customers as a "small subset" but did not provide specific numbers. The airline confirmed passport details, government identification documents, security information, and SkyMiles data remained unaffected. [24]7.ai's broad client base, described as serving "several hundred million visitors annually" through automated conversations, suggested potential wider impacts beyond confirmed cases. Unlike typical point-of-sale breaches, this incident stemmed from a third-party service provider's systems rather than direct network compromises at Sears, Kmart, or Delta. No details regarding encryption status of stolen data or specific attacker methodologies were disclosed. The delayed public disclosure occurred in April 2018 when impacted organizations began notifying customers, nearly seven months after the breach window closed.
