Delta Air Lines customer data compromised including payment information

Greg S

Posts: 1,607   +442

As a result of a cyber attack on a contractor used by Delta Air Lines, hundreds of thousands of customers have had their sensitive information potentially leaked.

Hackers managed to breach a business called [24]7.ai to obtain access to Delta's customer names, addresses and payment card information including expiration dates, card numbers and CVV numbers. Delta was only notified last week of the intrusion that occurred between September 26 and October 12, 2017.

Delta is investigating the matter alongside federal law enforcement agencies to collect any available forensic evidence. There is not yet an exact number of impacted customers although current estimates place "several hundred thousand" customers' data at risk.

Personal information including passports, government issued ID, security statuses and SkyMiles have not been affected by the breach.

In this case, [24]7.ai was infected with a fairly unsophisticated strain of malware that attempted to intercept incoming payment information by grabbing form contents. As a result, only customers that tried to complete a transaction during the specified time frame by manually entering payment information are believed to be at risk. Customers using the Fly Delta app or auto-fill form data are presumed to be safe from the attack.

A dedicated response site has been set up by Delta so consumers can follow the investigation process and find out if any of their information may be among that which has been stolen. Customers may also be contacted by mail if their information is found to be compromised. Free credit monitoring will also be made available to those affected.

Permalink to story.

 
Just imagine if these companies had to sign onto a law that stated "any and all compromised data will be reimbursed in cash to the client" and excluded any form of arbitration clause? These corporations would be treating that information like Fort Knox Bullion (if there still is any there) and you can bet if anyone did manage to hack them, there would be squads of armed retaliation teams after the hackers ..... hey, wait; did I just invent a way to legally invade Russia and North Korea??????
 
Ask Rudy Giuliani about it, he has a security company that is not really good at security except to extricate company from legally being prosecuted.
 
If only there was a decentralized and cryptographically secure means of transaction that didn't require users to trust third parties with their private ID's.... Man if only something like this was invented in 2009...
 
Can each business create it's on block-chain? Is it feasible? Is it a good idea? The sloppiness is tiring.
 
Back