Delta Air Lines Cyber Incident: Customer Information Breach Possible

Certain payment information from customers of Delta Air Lines may have been breached last year due to what the airline calls a “cyber incident”.

Delta Air Lines Cyber Incident: Customer Information Breach Possible

The official unedited statement issued from Delta Air Lines is as follows:

Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed — but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.

Upon being notified of [24]7.ai’s incident, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously. Delta will launch delta.com/response, a dedicated website, noon ET April 5, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.

The following unedited statement was issued earlier on Wednesday, April 4, 2018 by [24]7.ai pertaining to the information security incident:

[24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26 and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

Just last week, an announcement from Delta Air Lines officially proclaimed that members of Delta Sky Club who are also members of CLEAR can use their fingerprints to enter all 50 Delta Sky Club locations in the United States; and that is already currently in effect.

Summary

Between the incidents involving Delta Air Lines, Hyatt Corporation, HiltonKimpton Hotels and Restaurants, Facebook, Equifax, and other various companies in recent years, protecting your sensitive information has become almost impossible to do…

…and yet, few measures are in place to rectify the potentially disastrous results which could possibly occur from these data breaches — as though few corporations and government entities are unconcerned about confronting the seriousness of such breaches and attacks.

At least Delta Air Lines seems to be responding to this incident better and more seriously than most companies.

I am uncertain at this time as to what is the answer — but this trend simply cannot continue unchecked, in my opinion…

…and innocent victims of such breaches and attacks should not be subject to the significant effort and cost just to maintain the integrity of their personal information. which could result in identity theft and other nightmarish experiences. Stricter and more secure measures — which are transparent to individual consumers — should be employed as soon as possible to either mitigate or eliminate similar incidents in the future.

The main campus of the world headquarters of Delta Air Lines in Atlanta. Photograph ©2009 by Brian Cohen.

2 thoughts on “Delta Air Lines Cyber Incident: Customer Information Breach Possible”

  1. Enjoy Fine Food says:

    I am impressed that Delta “will also directly contact customers who may have been impacted” and “will ensure our customers are not responsible for [fraudulent payment card] activity.”

    The email message I have received after so many of these data breaches is “make sure you frequently change your passwords” as if I were the one who was lax and giving away my private information. I guess they are just reinforcing the fact I already know — that I need to protect myself from the fools who can’t figure out how to safeguard my information.

    Thanks, Delta, for accepting some responsibility for the damages.

Leave a Reply

Your email address will not be published. Required fields are marked *