INFORMATION ON [24]7.AI CYBER INCIDENT

Overview

Last updated on April 7, 2018,  9:00am ET
Last week, on March 28, Delta was notified by [24]7.aiopens in a new window, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017 and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. Delta customers who believe they could be impacted, should visit https://delta.allclearid.comopens in a new window to enroll in the free protection services being offered.

Upon being notified of [24]7.ai’s incident last week, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously. We will be updating http://www.delta.com/response regularly to address customer questions and concerns. We will also be directly contacting customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.

Frequently Asked Questions

  1. How did [24]7.ai’s cyber incident occur?
    • [24]7.ai is a company that provides online chat services for many companies, including Delta.
    • We understand malware present in [24]7.ai’s software between Sept. 26 and Oct. 12, 2017, made unauthorized access possible for the following fields of information when manually completing a payment card purchase on any page of the delta.com desktop platform during the same timeframe: name, address, payment card number, CVV number, and expiration date.
    • No other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
  2. What customers were impacted?
    • At this point, we understand that the malware was present for a short period of time and potentially exposed several hundred thousand customers.
    • While we believe we have identified with some precision the transactions that could have been impacted, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.
    • There was no impact to the Fly Delta app, mobile delta.com or any other Delta computer system. Payment card information for those customers who used Delta Wallet to complete transactions was not compromised. The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable.
    • Customers did not have to interact with the online chat tool to be impacted.
  3. What is Delta doing to make this right for customers?
    • Delta launched www.delta.com/response, a dedicated website, on April 5 at noon ET, which we will be updating regularly to address customer questions and concerns.
    • Delta will be working diligently to directly contact customers, including by first-class postal mail, who may have been impacted by the [24]7.ai cyber incident.
    • Delta will also launch a dedicated phone line and website for the small subset of customers who were impacted so we can address their concerns.
    • Should customers’ payment cards be found to have been used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.
    • We will also offer free credit monitoring to those customers who were impacted.
  4. Has the cyber incident been contained?
    • Yes. Information provided to us by [24]7.ai after notice on March 28 indicates that the incident was contained by [24]7.ai on Oct. 12, 2017.
  5. What should customers do if they think they could be impacted?
    • Delta has partnered with AllClear ID, a leading customer security and fraud protection firm, to offer a suite of credit monitoring services to those who may be impacted for free for two years starting on April 7, 2018. Delta customers who believe they made a purchase on the delta.com desktop platform between Sept. 26 and Oct. 12, 2017, and therefore could be impacted, should visit https://delta.allclearid.comopens in a new window to enroll in the free protection services being offered.
    • If you believe your card has been used to make a fraudulent purchase, please contact the card issuer immediately and follow their instructions.