Delta Air Lines Inc. said a cyber attack on a contractor potentially exposed the payment information of “several hundred thousand customers.”
A data breach from Sept. 26 to Oct. 12 at a company called [24]7.ai allowed unauthorized access to customers’ names, address, payment-card information, CVV numbers and expiration dates, Delta said in a statement Thursday. The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.
Delta said it wasn’t yet able to say how many customers actually had their data stolen. The information was at risk if a customer entered data manually online to complete a payment transaction, Delta said. Data from customers who used a program called Delta Wallet weren’t compromised.
Sears Holdings Corp. said Wednesday it was notified in mid-March by the same contractor of a security incident that occurred last fall. The incident involved unauthorized access to fewer than than 100,000 of its customers’ credit-card information, Sears said.
While Delta has engaged federal law enforcement and forensic teams, the company had no information about who was behind the attack, including whether the perpetrator had any foreign connection. Last month, Bloomberg reported that Russian hackers attempted to penetrate the U.S. civilian aviation industry as part of a broad attack on U.S. infrastructure in early 2017, although that effort had limited impact.