The nation’s second largest airline, Delta, revealed that some of its passengers payment information may have been breached in an attack last fall at a tech provider.
The airline apparently wasn’t the only potential victim of the attack on software service provider [ 24]7.ai, a Silicon Valley firm that also works with retailing giant Sears.
The companies insisted that only a small number of customers were potentially affected.
In a statement, Delta reported that the breach took place from Sept. 26 to Oct. 12, 2017.
“During this time certain customer payment information for 7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted,” the carrier said.
It said it had only learned of the incident on March 28, and that after working with federal law enforcement, it was able to confirm that the unauthorized access was cut off shortly after the breach took place.
To assuage travelers’ concerns that their information may be exposed, Delta says it is setting up a dedicated website, delta.com/response, to provide consumers with updates on the situation. In any event, customers will not be held responsible for any fraudulent charges on their accounts, the airline confirmed.
Meanwhile, Delta sought to reassure the traveling public that its systems are secure, especially as it moves to push more passengers to use its mobile app and other online services. The issue is particularly urgent, given the general increase in cyber attacks across the board – such as a recent ransomware on Atlanta, that knocked out IT systems for important functions, including its airport.
“We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously,” Delta said.