7.ai, a company that provides online support services to Sears and Kmart, notified us, as well as a number of other companies, that they experienced a security incident last fall. We believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information. As soon as 7.ai informed us in mid-March 2018, we immediately notified the credit card companies to prevent potential fraud, and launched a thorough investigation with federal law enforcement authorities, our banking partners, and IT security firms.
As a result of that investigation, we believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised. Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. 7.ai has assured us that their systems are now secure.
Data security is of critical importance to our company, and we take any matter related to customer’s personal information very seriously. Our top priority at this point is to quickly identify the impacted customers, notify and assist them in every way possible. It is important to note that the policies of most credit card companies state that customers have no liability for any unauthorized charges if they report them in a timely manner. As more information becomes available, we will post updates to our corporate website http://searsholdings.com/update, and we will be establishing a hotline for customers by 10 a.m. Friday, April 6.
Statement issued earlier Wednesday by 7.ai on Information Security Incident
7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.