Delta has launched the webpage Delta.com/response to address
customer concerns about a data breach the airline learned about last week.
The security breach at [24]7.ai, Delta's provider of
customer-support chat services, took place from Sept. 26 to Oct. 12, 2017.
"During this time certain customer payment information
for [24]7.ai clients, including Delta, may have been accessed -- but no other
customer personal information, such as passport, government ID, security or
SkyMiles information was impacted," Delta said.
"At this point, even though only a small subset of our
customers would have been exposed, we cannot say definitively whether any of
our customers' information was actually accessed or subsequently compromised."
Delta said it has engaged federal law enforcement and
forensic investigators to probe the data breach. The carrier plans to directly
contact customers who may have been impacted by the breach and said that if any
of its customers' payment cards were fraudulently used, it will make sure those
individuals are not financially impacted.
[24]7.ai. informed Delta of the breach on March 28. The
carrier hasn't directly explained why it waited a week to make that information
public. Delta did say that on March 29 it pulled the chat tool from its website
"out of an abundance of caution."
Sears Holdings said Wednesday that the credit cards of less
than 100,000 Sears and Kmart customers were also accessed because of the data
breach at [24]7.ai.