The cyber security breach involving online chat service 7.ai exposed the name, address, payment card number, CVV number and expiration date if the information was entered by a customer making a purchase, according to Delta. The airline said no other customer information like passport, government ID, security or SkyMiles information was affected.
The breach lasted from Sept. 26 to Oct. 12, 2017 for clients of the online chat service, including Delta.
“While we believe we have identified with some precision the transactions that could have been impacted, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” Delta said on its website. “Should customers’ payment cards be found to have been used fraudulently as a result of the 7.ai cyber incident, we will ensure our customers are not responsible for that activity.”
It also said its Fly Delta app, mobile delta.com and transactions using Delta Wallet were not affected. “The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable,” Delta said.