Delta addresses passenger concerns after cyber incident

ByCNN
Thursday, April 5, 2018
Delta airplanes are grounded, Friday, March 2, 2018, in New York. Airlines have cancelled many flights out of New York as a severe storm arrives in the northeast.
File photo of Delta Airlines planes Friday, March 2, 2018 in New York.
AP Photo/Mark Lennihan

ATLANTA -- Atlanta-based Delta Air Lines launched a web page Thursday aimed at addressing concerns and questions from customers following a "cyber incident."

The data breach specifically involved one of Delta's tech partners. The company, called (24)7.ai, provides online chat services for Delta and many other companies. (24)7.ai confirmed the breach occurred between Sept. 26 - Oct. 12 of last year.

A Delta spokesperson says the incident possibly exposed the payment information of a small subset of its customers. No other personal information, such as passport, government ID and SkyMiles information was impacted.

The airline says it will contact customers by mail who may have been impacted by the incident. The company also launched a web page at noon Thursday dedicated to addressing customer questions and concerns. http://www.delta.com/response

The complete statement from Delta is provided below:

Last week, on March 28, Delta was notified by (24)7.ai, a company that provides online chat services for Delta and many other companies, that (24)7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at (24)7.ai from Sept. 26 to Oct. 12, 2017, and that during this time certain customer payment information for (24)7.ai clients, including Delta, may have been accessed " but no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.

Upon being notified of (24)7.ai's incident, Delta immediately began working with (24)7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by (24)7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously. Delta will launch delta.com/response, a dedicated website, noon ET April 5, which we will update regularly to address customer questions and concerns. We will also directly contact customers who may have been impacted by the (24)7.ai cyber incident. In the event any of our customers' payment cards were used fraudulently as a result of the (24)7.ai cyber incident, we will ensure our customers are not responsible for that activity.

Statement issued earlier Wednesday by (24)7.ai on Information Security Incident:

(24)7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

Copyright 2018 Cable News Network. Turner Broadcasting System, Inc. All Rights Reserved.