Incident linked to airline’s online chat service provided by a third-party
UPDATE On 7, April Delta announced that it would be offering free credit monitoring in partnership with AllClear ID for those affected by the malware incident on its online chat service.Delta Air Lines has become the latest major company to disclose a data breach this week, putting customers’ sensitive information at risk of cyber criminals.
The incident, Delta announced on Wednesday, involved the airline’s online chat service, run by American software company 7.ai, that provides similar support to companies including department stores Sears and Kmart.
It is not yet known how many Delta customers were affected.
Sears also said it was affected by the breach, which occurred between 26 September and 12 October 2017, exposing the credit card information of under 100,000 of its customers, Reuters reports. The company’s shares did not appear to have been impacted.
Both companies have stated that they learned of the incident in March, despite it being solved in October, according to 7.ai.
Sears was notified in the middle of the month and Delta on the 28th.
Delta said that it will individually notify customers whose payment information may have experienced fraud, and that a website would be setup later today in order to respond to any questions or concerns.
It said: “Upon being notified of 7.ai's incident, Delta immediately began working with 7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system.
“We also engaged federal law enforcement and forensic teams and have confirmed that the incident was resolved by 7.ai last October.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised.”
Delta, however, said customer information from passports and its frequent flyer program were not compromised.
While data breach disclosures seem to be turning into a daily routine, a recent IBM report shows that publically admitted incidents have actually gone down nearly 25% from 2015 to 2017 as attackers preference to deploy malware increases.
A second report by cybersecurity service Fireeye believes that breaches are being discovered internally more and more, with the time for detection dropping to 57.5 days in 2017 from 80 days in 2016.
This potential trend toward self-identifying security incidents could mean faster response time and greater accountability, if not prevention, of future cyber-attacks.