Delta Air Lines said Wednesday that some of its customers’ payment information may have been breached in a cyberattack last fall.
The airline said the incident involved (24)7.ai, a chat-services provider used by Delta and other companies.
Delta says only “a small subset” of customers were affected, with payment information exposed from Sept. 26 to Oct. 12. It says no other personal details about customers, such as their passport, security or frequent-flyer account information, was affected.
The Atlanta-based airline says (24)7.ai informed it of the breach last week. Delta brought in federal law enforcement and forensic teams and confirmed that the unauthorized access was cut off by October.
Delta says it will make sure customers aren’t held responsible if their payment cards were used fraudulently. It will create a website Thursday to update customers.
(24)7.ai, which is based in San Jose, California, said a “small number” of its client companies had their online customer payment information potentially exposed. It said it is confident that its platform is now secure and is working with its clients to determine if any of their customer information was accessed.
The company says it works with industries ranging from financial services to healthcare and e-commerce.