Delta Air Lines has reported a cyber breach via an online chat service, highlighting the security risks of third-party technology providers.
The breach affecting Delta occurred at IT services provider [24]7.ai between September 26 and October 12 last year.
Delta said it was informed of the breach on March 28. The airline reported it on April 5, saying “certain customer payment information may have been accessed”.
The airline has offered free credit-monitoring services to customers affected and launched a dedicated website, delta.com/response, to provide updates and answer questions.
The carrier reported the cyberattack may have exposed the payment information of “several hundred thousand” customers.
Delta said: “We will directly contact customers who may have been impacted by the cyber incident.”
California-based software company [24]7.ai offers services such as predictive analytics and virtual agents. Delta said the company provided it with online chat services and it had shut down the chat function.
On being informed of the breach, Delta said: “We engaged federal law enforcement and forensic teams and have confirmed that the incident was resolved last October.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was accessed or subsequently compromised.
“In the event any of our customers’ payments cards were used fraudulently as a result of the cyber incident, we will ensure our customers are not responsible for that activity.”
The EU General Data Protection Regulation (GDPR) which comes into force in Europe from May 25 requires organisations to notify national regulators of a data breach within 72 hours.
Separately, Delta reported record first-quarter revenue of almost $10 billion for the three months to March, up 10% or $867 million on last year.
However, the carrier’s operating profit for the quarter fell 16% to $840 million as Delta reported: “Record revenues were offset by higher fuel prices and other increased costs including a $44 million impact from severe winter weather.”