As a result of a cyber attack on a contractor used by Delta Air Lines, hundreds of thousands of customers have had their sensitive information potentially leaked.
Hackers managed to breach a business called [24]7.ai to obtain access to Delta's customer names, addresses and payment card information including expiration dates, card numbers and CVV numbers. Delta was only notified last week of the intrusion that occurred between September 26 and October 12, 2017.
Delta is investigating the matter alongside federal law enforcement agencies to collect any available forensic evidence. There is not yet an exact number of impacted customers although current estimates place "several hundred thousand" customers' data at risk.
Personal information including passports, government issued ID, security statuses and SkyMiles have not been affected by the breach.
In this case, [24]7.ai was infected with a fairly unsophisticated strain of malware that attempted to intercept incoming payment information by grabbing form contents. As a result, only customers that tried to complete a transaction during the specified time frame by manually entering payment information are believed to be at risk. Customers using the Fly Delta app or auto-fill form data are presumed to be safe from the attack.
A dedicated response site has been set up by Delta so consumers can follow the investigation process and find out if any of their information may be among that which has been stolen. Customers may also be contacted by mail if their information is found to be compromised. Free credit monitoring will also be made available to those affected.