Delta has released a statement saying they have been affected by a data breach.
Delta was advised of the breach by [24]7.ai, a company that provides online chat services to Delta. The breach was between 26 September and 12 October last year. The breach allowed unauthorised access to customers names, addresses, credit card information, CCV numbers and expiry dates on credit cards.
Passports and government IDs are not affected.
It is still unknown how many Delta customers are affected. Only those that entered data manually online are at risk according to Delta. Transactions using Delta Wallet are safe.
Delta has called in Federal investigators.
Delta, the nation’s No. 2 airline carrier by traffic, said it had identified hundreds of thousands of customer transactions that might have been compromised between Sept. 26 and Oct. 12, 2017 https://t.co/P5aYtoTsSs
— The Wall Street Journal (@WSJ) April 5, 2018
[24]7.ai also notified Sears they were affected in the same breach. Sears says that less than 100 000 of their customers were affected, while Delta says it was only a small sub-set of their passengers affected. [24]7.ai told Time that they had “‘contained’ the incident and their technology was now safe.” It has also been reported by CNet that Best Buy and Kmart(US) are affected by the same breach.
Passengers are advised to check Delta’s response website. Delta will also directly email affected passengers. It is also recommended those that have used their credit or debit card for Delta services their credit card statements.
Statement from [27]7.ai:
“[24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”
Statement from Delta:
“Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017 and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
“Upon being notified of [24]7.ai’s incident last week, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.
“We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously. We will be updating http://www.delta.com/response regularly to address customer questions and concerns. We will also be directly contacting customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.”
