If you made any online transactions with Delta Airlines, Sears, Kmart, or Best Buy between Sept. 26 and Oct. 12 of last year, your personal and credit card information could have been accessed by cybercriminals.
Now, several customers of those companies who were allegedly harmed by the data breach are filing lawsuits, seeking damages to cover the costs associated with the theft of their personal and financial information.
The data breach stems from a chat application that Delta, Sears, Kmart, and Best Buy use on their websites to offer customers around-the-clock service and sales support. The app was developed and provided by the San Jose-based artificial-intelligence 7.ai, which uses certain identifying details of the customer to predict their intent and enhance their customer service experience.
On April 4, 2018, 7.ai issued a press release saying it had detected and contained a vulnerability in its software that had occurred between Sept. 26 and Oct. 12, approximately six months prior. Delta says it learned of the data breach on March 28. The airline announced it to the public on April 4.
However, even if you didn’t use the chat service on any of the company websites hit by the data breach, you could still be affected. According to CNET, a Delta spokesperson said that “Any customer who entered payment data on delta.com during Sept. 26 to Oct. 17 may have had their information accessed.”
According to Delta, the data breach potentially affects hundreds of thousands of its customers. Sears Holdings, which also owns Kmart, claims fewer than 100,000 of its customers had their information potentially stolen through the data breach.
According to plaintiff lawsuits, the data breach compromised customers’ full name, credit and debit card account numbers, card expiration dates, card verification codes, email address, phone number, street address, and other private identifiable information such as, in Delta’s case, date of birth, gender, redress numbers, and known traveler numbers.
In a class action lawsuit filed in the Northern District of California against 7.ai, Delta and Best Buy, the plaintiffs allege that the defendants failed to uphold “their security promises” to customers.
Instead, the lawsuit asserts, the defendants “intentionally, willfully, recklessly, or negligently [failed] to take adequate and reasonable measures to ensure Defendants’ data systems were protected, failing to disclose to their customers the material” and failed to disclose to customers that “they did not have adequate computer systems and security practices to safeguard customer data.”
On July 11, an attorney for one of the class actions filed a motion to have three data breach class actions pending against 7.ai, Delta, and Best Buy consolidated in federal court in California or Georgia. The Judicial Panel on Multidistrict Litigation will consider the motion in a hearing scheduled for September.
Beasley Allen continues to investigate this matter. If you have received notice from Delta, Best Buy, K-Mart, or Sears that your data has been compromised please contact Beasley Allen for a free consultation.