
SoylentNews is people

posted by chromas on Friday April 06 2018, @05:18PM
from the cyberhaxx dept.

[Updated (2018-04-06 22:18 UTC): According to a report at c|net, the breach also affected: Sears, Kmart, and now Best Buy, too. --martyb]

Delta Says Data Exposed for 'Several Hundred Thousand' Customers

Delta Air Lines Inc. said a cyber attack on a contractor potentially exposed the payment information of "several hundred thousand customers."

A data breach from Sept. 26 to Oct. 12 at a company called [24]7.ai allowed unauthorized access to customers' names, addresses, payment-card information, CVV numbers and expiration dates, Delta said in a statement Thursday. The vendor, which provides online chat services to Delta, notified the carrier and other clients last week.

[...] Delta said it wasn't yet able to say how many customers actually had their data stolen. The information was at risk if a customer entered data manually online to complete a payment transaction, Delta said. Data from customers who used a program called Delta Wallet weren't compromised.

Delta statement and response website.

Also at The Verge.


  • (Score: 5, Informative) by datapharmer (2702) on Friday April 06 2018, @06:01PM (#663494)

    And why was it they were storing the CVV exactly? According to PCI rules "Sensitive authentication data must never be stored after authorization – even if this data is encrypted."
    See https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf/ [pcisecuritystandards.org] (warning: PDF)

  • (Score: 0) by Anonymous Coward on Friday April 06 2018, @11:04PM (#663580)

    Don't worry, the Payment Card Industry will ruthlessly retaliate against this blatant non-compliance. They will slap them on the wrist and ask them nicely not to ever do it again. They'll even look at whether or not they are crossing their fingers behind their backs.

  • (Score: 1, Interesting) by Anonymous Coward on Friday April 06 2018, @11:05PM (#663582)

    https://www.pcworld.com/article/3145621/security/distributed-guessing-attack-lets-hackers-verify-visa-card-details.html [pcworld.com]
    https://arstechnica.com/information-technology/2016/12/thieves-can-guess-your-secret-visa-card-details-in-just-seconds/ [arstechnica.com]

    It's a 3-digit number that is easy to get. Oh, no doubt they should not keep it. But that is but a minor bump in the road to fraud. The security employed worked well in the dial-up days. Now you can have thousands of computers in a bot do your bidding. It is why chip+pin is important. Good thing in the US we just have chip (eye roll).