Last week Delta was notified by 7.ai, a company that provides online chat services for Delta had been involved in a cyber security breach and that certain customers payment information (credit card details) might have been accessed.
As per Delta’s own statement this breach might have affected several hundred thousand customers (never knew that chat feature was this popular) they now teamed up with AllClearID, a credit monitoring firm, to offer customers two years complimentary credit- and ID related security services.
The service provider in question where the breach occurred handles the online chat for Delta on the airlines own website and in these chat conversations customers can also make payments for tickets or incidental charges.
You can access the incident specific website Delta has set up for this here.
… It is our understanding that the incident occurred at 7.ai from Sept. 26 to Oct. 12, 2017 and that during this time certain customer payment information for 7.ai clients, including Delta, may have been accessed – no other customer personal information, such as passport, government ID, security or SkyMiles information was impacted. Delta customers who believe they could be impacted, should visit https://delta.allclearid.comopens in a new window Please note, this links to an external site separate from delta.com, which may not follow the same accessibility or privacy policies. to enroll in the free protection services being offered.
This graphic above illustrates the entire timeline a bit better.
I used Chat to upgrade a Delta booking from Shanghai to Tokyo last year in December and always got an error message on the website, the chat was able to rectify the issue, however I didn’t 1:1 transmit that information in the chat field. When the agent asked me for payment a small window popped up that prompted me to enter the credit card details in a secure manner.
Two major points taken from the FAQ:
- At this point, we understand that the malware was present for a short period of time and potentially exposed several hundred thousand customers.
- There was no impact to the Fly Delta app, mobile delta.com or any other Delta computer system. Payment card information for those customers who used Delta Wallet to complete transactions was not compromised. The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable.
I’m surprised that the chat tool was actually that popular when I read those numbers. Several hundred thousand customers for such a tool is a pretty high number.
However as the FAQ go on it also says this:
- Customers did not have to interact with the online chat tool to be impacted.
How does this work? You don’t deal with the Chat at all yet your credit card infos are compromised?
In any case Delta has now partnered with AllClearID and they set up a website (access here) where ‘impacted customers’ can apply for a free two year service for their credit and ID protection services.
This service includes the ability to set, renew, and remove 90-day fraud alerts on your credit file to help protect you from credit fraud. In addition, it provides credit monitoring services, a once annual credit score and credit report, and a $1 million identity theft insurance policy.
Since not even Delta can exactly tell who was impacted by this breach pretty much anyone can sign up for the offer if one so wishes, you got nothing to lose. Of course most credit cards nowadays have a similar service already but the case worker feature and extra insurance is nice to have so why not?
With all these contracted services nowadays, companies have very little impact on how their core customer data will be handled since it isn’t processed in-house. Depending on the integrity of the contracted firm and their capability to prevent data breaches it’s an impossible task and one that might prove costly as in this case when one of the parties involved has to provide remedy to the customers.
The expenses for this AllClearID solution will likely be covered to a large extend by Delta’s contractor (apart from getting a volume discount for all signups).