A 3rd party app provider exposes some of Delta's customers credit card data. Although this breach was small, the impact hits hard for Delta with regards to the recovery steps they need to undergo to mitigate the damage.
With so much pressure to stay competitive with apps and tools that aim to improve customer experiences, companies may be trading off best practices in security --- especially when it comes to vetting 3rd party suppliers and partners.
The airline said the incident involved (24)7.ai, a chat-services provider used by Delta and other companies. Delta says only “a small subset” of customers were affected, with payment information exposed from Sept. 26 to Oct. 12 but no other personal details such as passport, security or frequent-flyer account information were exposed. Delta says (24)7.ai informed them of the breach last week. They brought in federal law enforcement and forensic teams who confirmed that the unauthorized access was cut off by October. Delta says customers won't be held responsible if their payment cards were used fraudulently and update customers on Thursday. (24)7.ai said a “small number” of its clients had their online customer payment information potentially exposed. They say they are confident that its platform is now secure and is working with its clients to see if they are exposed.