The Delta Hack of 2017

Hundreds of thousands of Delta customers had their data exposed during a major cyber attack

  • Delta Air Lines says “several hundred thousand” customers may have had their payment information compromised.
  • The incident is the result of malware found on software belonging to webchat provider [24]
  • Delta will ensure that customers are not responsible for fraudulent card activity resulting from the incident.

Delta Air Lines confirmed on Wednesday that payment information belonging to its customers may have been compromised after a cyber attack on third-party chat service used by the airline.

According to Delta, “several hundred thousand” customers may have had their names, addresses, and payment card information exposed.

On March 28, Delta was notified by chat service provider [24] that it malware was present in its software between September 26 and October 17, 2017. In a statement, Delta says it has “engaged federal law enforcement and forensic teams, and have confirmed that the incident was resolved by [24] last October.”

“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” the airline’s statement went on to say.

Delta cyber attack timeline


Delta also clarified that the FlyDelta app and mobile have not been affected by the breach.According to Delta, no additional data such as passport, government ID, and Skymiles information have been compromised.

Update: Delta launches website for free credit monitoring following malware attack

By  – Digital Producer , Atlanta Business Chronicle

Update: Delta has launched another website to offer free credit monitoring services to customers who believe they may be impacted. In an update Saturday, Delta said it still could not say definitively whether any of its customers’ information was actually accessed or subsequently compromised.

Original: A “small subset” of Delta’s customers — several hundred thousand — were likely exposed to a cyber attack that occurred in the Fall of 2017, the company said Thursday.

Delta Air Lines Inc. (NYSE: DAL) said in a news release that it’s not entirely sure how many of its customers are involved in a malware attack against [24], a company that provides online chat services for many companies, including Delta. The Atlanta-based airline said it was notified on March 28 of the “cyber incident,” which Delta said occurred from Sept. 26 to Oct. 12, 2017. During that timeframe, certain “customer payment information” may have been accessed, Delta said. That includes name, address, payment card number, CVV number, and expiration date.

The airline said no other customer personal information, such as passport, government ID, security or SkyMiles information, was impacted.

Delta said it “immediately” began working with [24] to understand any potential impact the incident had on Delta customers,, or any Delta computer system, and engaged federal law enforcement and forensic teams. Delta said it will ensure that customers’ payment cards used fraudulently as a result of the incident are not responsible for the activity.

“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” Delta said in the news release.

Delta revealed more details about the potential impact on a website it launched Thursday to address customer questions and concerns. That included the notion that, “At this point, we understand that the malware was present for a short period of time and potentially exposed several hundred thousand customers.”

Delta’s is the third major cyberattack linked to Atlanta in less than a year.

Equifax Inc. (NYSE: EFX) is still reeling from the about 150 million people who’s person information were compromised from the cyberattack it revealed in October. Meanwhile, the City of Atlanta is in the midst of restoring city services since the March 22 cyberattack that was being investigated by the FBI and Department of Homeland Security.

Sears Holding, Delta Air hit by customer data breach at tech firm

(Reuters) – Department store chain Sears Holding Corp (SHLD.O) and Delta Air Lines Inc (DAL.N) said on Wednesday some of their customer payment information may have been exposed in a cyber security breach at software service provider [ 24]

Sears said it was notified of the incident in mid-March and the incident led to unauthorized access to the credit card information of under 100,000 of its customers.

Technology firm [ 24], which provides online support services for Delta, Sears and Kmart among other companies, found that a cyber security incident affected online customer payment information of its clients, it said. The incident happened on or after Sept. 26, 2017 last year and was found and resolved on Oct. 12, the company said.

Personal details related to passport, government identification, security and SkyMiles information were not impacted, Delta said.

The No.2 U.S. carrier said while a small subset of its customers would have had their information exposed, it cannot be said with certainty if their information was accessed and compromised.

Sears said its stores were not compromised and their internal systems were not accessed in the breach. There was no impact on the information of customers using a Sears-branded credit card, the retailer said.

Reporting by Kanishka Singh in Bengaluru; Editing by Gopakumar Warrier

Best Buy hit by [24] data breach, too

It’s not just Delta, Sears and Kmart …

Sarah Tew/CNET

Earlier today, we learned that hundreds of thousands of Delta Airlines, Sears and Kmart online shoppers may have had their names, addresses, and credit card information stolen by hackers. Now, you can add Best Buy to that list.

The big-box electronics retailer says it was also affected by the same breach, due to Best Buy’s use of online customer service software from [24]7.Ai during a 15-day period when that third party firm’s online chat tool was infected with malware.

(You don’t need to have used the online chat software to be affected. Delta, for one,  believes that if you entered billing information into these companies’ desktop websites between Sept. 26 and Oct. 12, 2017, there’s a chance your information was compromised.)

Best Buy hasn’t said how many of its customers were affected, but indicated the the number is small. “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24] incident, whether or not they used the chat function,” the company said in a statement.

It’s important to note that none of these companies has yet confirmed whether any personal information was actually stolen. They’ve merely said there was an opportunity for it to have been taken.

Regardless, Best Buy says it will offer free credit monitoring services to those who want them, and is assuring its customers they won’t be liable for any illegal transactions.

We’re still wondering if more companies were affected. A January profile of [24] listed American Express, AT&T, Citi, eBay, Farmers Insurance and Hilton as clients of the chat company, as well.

American Express and Farmers Insurance confirmed they weren’t affected by the breach.

[24] Issues Statement on Information Security

NEWS PROVIDED BY  [24]  Apr 04, 2018, 16:59 ET

SAN JOSE, Calif.April 4, 2018 /PRNewswire/ — [24] discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

About [24]
[24] is redefining the way companies interact with consumers. Using artificial intelligence and machine learning to understand consumer intent, the company’s technology helps companies create a personalized, predictive and effortless customer experience across all channels. The world’s largest and most recognizable brands are using intent-driven engagement from [24] to assist several hundred million visitors annually, through more than 1.5 billion conversations, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit:

[24]7 and [24] are trademarks of [24], Inc. All other brands, products or service names are or may be trademarks or service marks of their respective owners.


Ian Bain
VP, Corporate Communications


Related Links

Posted in Cybersecurity, Hacks and Breaches, IT, Security and tagged , , , , , , , , , , .