Delta Air Lines customer payment information may have been breached after a cyber security incident involving a third party tech provider, which provides online chat services for Delta and other companies
The cyber security incident affected online customer payment information of the airline’s clients, the company said earlier in the day. The incident began on Sept. 26, 2017 and was found and resolved on Oct. 12 last year, the company said.
>See also: 4 lessons learned from the Delta’s power outage
According to Delta, personal information related to passport, government identification, security and SkyMiles information was not impacted.
The much maligned number 2 US airline carrier did reveal that a small number of its customers did have their information exposed, but it is not clear if this information was accessed and exploited.
Expert view
“In this case, though it remains unconfirmed whether or not customer information was actually accessed or compromised, the very fact that digital vulnerabilities were exposed and exploited is concerning enough,” said Peter Carlisle, VP EMEA, Thales eSecurity.
“Brands across industries must ensure that rigorous due diligence is being carried out, they are working with trustworthy software partners and are consistently welcoming open feedback from customers on their data policies.”
>See also: Why did British Airways suffer such an extreme IT meltdown?
“In the last few months we have undoubtedly witnessed a number of watershed moments in data protection. No matter the scale or extent of a breach, companies have a moral duty to protect customer data.”
“If there is a leak, it’s essential that brands act decisively and swiftly by being as clear and open as possible with those who may have been compromised. Clear communication and a transparent policy explaining how data is being used and who it is being shared with is paramount in today’s climate.”
“With the introduction of the EU’s General Data Protection Regulation (GDPR) drawing ever closer, there’s now a general recognition that if consumers don’t trust you to protect their privacy, then they’re not going to trust you with anything.”