Delta Customer Payment Info Potentially Exposed in Cyberattack

Delta has not said how many of its customers were involved in the breach, but Sears Holdings confirmed that as many as 100,000 customers could have been impacted.

• By Jessica Davis
• Apr 06, 2018

Delta Air Lines and Sears Holdings confirmed Wednesday that a cybersecurity incident at a third-party company called 247.ai potentially left customer payment information vulnerable online between September and October of last year.

Delta said 247.ai, a chat-services provider used by Delta and other companies, informed the airline of the breach last week. The airline brought in federal law enforcement and forensic teams and confirmed that the unauthorized access to customer payment information was cut off by October.

Delta has not said how many of its customers were involved in the breach, but Sears Holdings confirmed that as many as 100,000 customers could have been impacted.

“No other customer personal information, such as passport, government ID, security or SkyMiles information was impacted,” Delta Air Lines said in a statement. “Even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised."

Delta said it will ensure customers will not be liable for misuse of their information.

Some security experts were less optimistic about their response.

“Time is a critical factor for preventing fraud whenever there is a breach of financial data,” said Craig Young, computer security researcher for Tripwire’s Vulnerability and Exposure Research Team. “Delta has assured customers that they won’t be held responsible for fraudulent charges, but it seems likely that if fraudulent charges related to this have not already been identified, there is little hope that they will ever be connected to this breach.”