Thousands of Delta Customers' Credit Card Information Hacked
Delta Airlines released a statement Wednesday confirming that it had been the victim of a massive cyber attack.
Delta was notified by 7.ai, a company that provided online chat services for the airline, that it had been hacked and that "certain customer payment information for 7.ai clients, including Delta, may have been accessed."
Delta said that several hundred thousand people could potentially be affected by the breach. Malware was found in 7.ai’s software that attempted to access Delta customers' credit card information.
"At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised," Delta said.
Delta was notified about the incident on March 28. The hack itself occurred over a period of a couple weeks in the fall of 2017, beginning on September 26 and ending October 12, 2017.
The hack appeared to only affect customers who entered their credit card information manually:
There was no impact to the Fly Delta app, mobile delta.com or any other Delta computer system. Payment card information for those customers who used Delta Wallet to complete transactions was not compromised. The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable.
Stolen information potentially includes customers' names, addresses, payment card numbers, CVV numbers and expiration dates. Fortunately, other personal details like passport, government ID, security or SkyMiles information was not affected.
The airline is working with federal law enforcement and forensic teams to investigate the security breach. It's also launched a dedicated webpage to provide updates on the situation. Delta said it will notify customers who they think may have had their information stolen, adding that the company will ensure its customers are not responsible for any fraudulent activity and will also provide free credit monitoring to those affected.
“We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety," 7.ai said in a separate statement. "We are confident that the platform is secure.”