Delta says cyber security breach may have exposed several hundred thousand customers

Delta announced Wednesday that a "small subset" of customers may have had their payment information compromised online.

Delta Air Lines said a cyber security breach involving an online chat service "potentially exposed several hundred thousand customers."

Atlanta-based Delta disclosed the estimate on a web page at delta.com/response it rolled out Thursday on the cyber incident for customers.

Delta said it will offer free credit monitoring for customers who were affected. The airline said it is contacting those customers, including by mail. It said it will also launch a phone line for affected customers.

The cyber security breach involving online chat service [24]7.ai exposed the name, address, payment card number, CVV number and expiration date if the information was entered by a customer making a purchase, according to Delta. The airline said no other customer information like passport, government ID, security or SkyMiles information was affected.

The breach lasted from Sept. 26 to Oct. 12, 2017 for clients of the online chat service, including Delta.

“While we believe we have identified with some precision the transactions that could have been impacted, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” Delta said on its website. “Should customers’ payment cards be found to have been used fraudulently as a result of the [24]7.ai cyber incident, we will ensure our customers are not responsible for that activity.”

It also said its Fly Delta app, mobile delta.com and transactions using Delta Wallet were not affected. “The malware could only collect the information shown on the screen, so credit card information automatically populated by Delta Wallet functionality would have remained masked and not useable,” Delta said.