[Updated (2018-04-06 22:18 UTC): According to a report at c|net, the breach also affected: Sears, Kmart, and now Best Buy, too. --martyb]
Delta Says Data Exposed for 'Several Hundred Thousand' Customers
Delta Air Lines Inc. said a cyber attack on a contractor potentially exposed the payment information of "several hundred thousand customers."
A data breach from Sept. 26 to Oct. 12 at a company called [24]7.ai allowed unauthorized access to customers' names, address, payment-card information, CVV numbers and expiration dates, Delta said in a statement Thursday. The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.
[...] Delta said it wasn't yet able to say how many customers actually had their data stolen. The information was at risk if a customer entered data manually online to complete a payment transaction, Delta said. Data from customers who used a program called Delta Wallet weren't compromised.
Delta statement and response website.
Also at The Verge.
(Score: 0) by Anonymous Coward on Friday April 06 2018, @06:57PM
More information from the Delta response webpage.
Malware in the third party chat app on the Delta.com website had access to this information as customers were entering it on the webpage. This is why PCI-DSS is only a starting place and companies need to go beyond it to provide a safe experience for their customers. Like others have said, the minimum standard is the *minimum*. Like getting the lowest possible passing grade in school. You passed, but you shouldn't be proud of it.