Delta Air Lines said a cyber attack on a contractor potentially exposed the payment information of “several hundred thousand customers.”
A data breach from Sept. 26 to Oct. 12 at a company called 7.ai allowed unauthorized access to customers’ names, address, payment-card information, CVV numbers and expiration dates, Delta said in a statement Thursday. The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.
The incident adds to a growing list of U.S. companies announcing cyber attacks in the past week that exposed the data of millions of people and, in some cases, sought to compromise operations. The attacks have affected a broad swath of industries, including retailers Hudson Bay and Under Armour, aerospace giant Boeing, natural gas pipelines and electric utilities.
Delta said it wasn’t yet able to say how many customers actually had their data stolen. The information was at risk if a customer entered data manually online to complete a payment transaction, Delta said.
Data from customers who used a program called Delta Wallet weren’t compromised.
Sears Holdings said Wednesday it was notified in mid-March by the same contractor of a security incident that occurred last fall. The incident involved unauthorized access to fewer than 100,000 of its customers’ credit-card information, Sears said.
While Delta has engaged federal law enforcement and forensic teams, the company had no information about who was behind the attack, including whether the perpetrator had any foreign connection.