A software firm providing online services for Delta Air Lines has been involved in a cyber incident potentially exposing the carrier’s customers’ payment information.
Delta said in a statement on 4 April that on 28 March it was notified by 7.ai, a company that provides online chat services for Delta and many other companies, that 7.ai had been involved in a cyber incident, which had occurred at from 26 September to 12 October 2017.
The carrier said during this time certain customer payment information for 7.ai clients, including Delta, may have been accessed – but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
The Delta statement also said: “Upon being notified of 7.ai’s incident, Delta immediately began working with 7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system.
“We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by 7.ai last October.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.
“We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously.
“On Thursday Delta launched delta.com/response, a dedicated website, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the 7.ai cyber incident.
“In the event any of our customers’ payment cards were used fraudulently as a result of the 7.ai cyber incident, we will ensure our customers are not responsible for that activity.”
Delta is the second-largest airline in the US based on passenger numbers and carried a record 16.6 million across its global network in March 2018.