Several hundred thousand Delta customers hit by cyber attack
Staff Writer |
Delta Air Lines said a cyber attack on a contractor potentially exposed the payment information of several hundred thousand customers.
Article continues below
A data breach from September 26 to October 12 at a company called [24]7.ai allowed unauthorized access to customers’ names, address, payment-card information, CVV numbers and expiration dates, Delta said.
The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.
"Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident.
"It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
"Upon being notified of [24]7.ai's incident, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system.
"We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October.
"At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.
"We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously.
"On Thursday Delta launched delta.com/response, a dedicated website, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the [24]7.ai cyber incident.
"In the event any of our customers' payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity." ■
Under an intense surge of arctic air, Friday morning will begin with the coldest temperatures so far this season across much of the central and eastern U.S. with blustery conditions and a piercing wind chill.