INFORMATION ON [24]7.AI CYBER INCIDENT

April 5, 2018

Overview

Last week, on March 28, Delta was notified by [24]7.ai, a company that provides online chat services for Delta and many other companies, that [24]7.ai had been involved in a cyber incident. It is our understanding that the incident occurred at [24]7.ai from Sept. 26 to Oct. 12, 2017 and that during this time certain customer payment information for [24]7.ai clients, including Delta, may have been accessed – no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.

Upon being notified of [24]7.ai’s incident last week, Delta immediately began working with [24]7.ai to understand any potential impact the incident had on Delta customers, delta.com, or any Delta computer system. We also engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24]7.ai last October. At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.

We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers’ information is of critical importance to us and a responsibility we take extremely seriously. We will be updating http://www.delta.com/response regularly to address customer questions and concerns. We will also be directly contacting customers who may have been impacted by the [24]7.ai cyber incident. In the event any of our customers’ payment cards were used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity. 

“Taking care of our customers is the foundation of Delta’s culture,” said Deborah Wheeler, Chief Information Security Officer. “That’s why the security and confidentiality of our customers’ information is critically important to us, and we are taking this incident extremely seriously. We will ensure that our customers will not be responsible for any fraudulent activity as a result of this incident with [24]7.ai. We also are committed to keeping our customers fully informed as we learn more.”

Frequently Asked Questions

  1. How did [24]7.ai’s cyber incident occur?
    • We understand malware present in [24]7.ai's software between Sept. 26 and Oct. 12, 2017 made unauthorized access possible for the following fields of information: name, address, payment card number, CVV number, and expiration date. These fields could be accessed during the customer's purchase process if the information was manually entered by the customer and the customer completed the purchase transaction.
    • No other customer personal information, such as passport, government ID, security or SkyMiles information was impacted.
  2. What customers were impacted?
    • At this point, we understand that the malware was present for a short period of time and potentially exposed several hundred thousand customers. While we believe we have identified with some precision the transactions that could have been impacted, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised.
    • There was no impact to the Fly Delta app, mobile delta.com or any other Delta computer system. Payment card information for those customers who used Delta Wallet to complete transactions was not compromised. The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable.
  3. What is Delta doing to make this right for customers?
    • Delta launched www.delta.com/response, a dedicated website, on April 5 at noon ET, which we will be updating regularly to address customer questions and concerns.
    • We will also be directly contacting customers, including by first-class postal mail, who may have been impacted by the [24]7 cyber incident.
    • Delta will also launch a dedicated phone line and website for the small subset of customers who were impacted so we can address their concerns.
    • Should customers’ payment cards be found to have been used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.
    • We will also offer free credit monitoring to those customers who were impacted.
  4. Has the cyber incident been contained?
    • Yes. Information provided to us by [24]7.ai after notice on March 28 indicates that the incident was contained by [24]7.ai on Oct. 12, 2017.