Delta customers’ information possibly exposed in cyber attack

A software company that provides online services for Delta Air Lines has been involved in a cyber incident potentially exposing the U.S. carrier’s customers’ payment information, the airline stated on April 4, 2018.

Delta says it was notified on March 28, 2018, by [24]7.ai, a California, San Jose-based company which provides online chat services for the airline, that “[24]7.ai had been involved in a cyber incident”, dating back to 2017.

In an official statement released on April 4, 2018, Delta says that the cyber attack occurred from September 26, 2017, to October 12, 2017, during which time “certain customer payment information for [24]7.ai clients, including Delta, may have been accessed.”

In a statement issued by [24]7.ai earlier on that day, the company claims it has “discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies,” adding that “affected clients have been notified.”

Although the data breach was reportedly resolved by [24]7.ai itself in October 2017, the U.S. carrier says it is working with the software company to learn if the cyber attack could have potentially impacted Delta customers, delta.com, and Delta computer systems. The airline states it has also engaged federal law enforcement and forensic teams for the matter.

Delta assures that no other customer personal information – such as passport, government ID, security or SkyMiles details – was impacted. However, it also acknowledges that “At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.”

To ameliorate the situation and address customer concerns, Delta is launching a website dedicated to resolving the issue – delta.com/response – at noon ET on April 5, 2018. The website will be updated regularly to respond to customers’ questions.

In addition, Delta says it will directly contact customers who may have been impacted by the cyberattack and that “in the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.”

Delta is the second-largest airline in the U.S. based on passenger numbers. The Georgia, Atlanta-based carrier reported carrying a record 16.6 million passengers across its global network in March 2018.

This latest news comes after another U.S. aviation industry giant – Boeing – reported a cyberattack on its computer systems on March 28, 2018.

Source – AeroTime