Delta Airlines Sues Chatbot Provider Over 2017 Data Breach

Delta Airlines, one of the biggest airlines of the United States, filed a lawsuit against its chatbot company provider on Thursday over a data breach that happened in 2017.

According to a report from The Wall Street Journal, Delta is accusing its customer service technology provider, [24], for its “lax cybersecurity” that led to a major data leak that had exposed the personal information of about 825,000 Delta Airlines customers.

In its complaint, the airline giant claimed that 24[7] knew about the data breach as early as September or October 2017 but had waiter for six months before it had disclosed the news to Delta.

The company also alleges 24[7] for inadequate security measures. According to the complaint, the tech company did not require the use of passwords that met PCI DSS and other industry minimum standards, had allowed several employees to use the same login credentials, and did not require users to pass multi-factor authentication before providing access to sensitive source code.

All these weak security measures, claimed by Delta, had enabled attackers to access [24]7’s computer systems and “scraped” Delta customers’ personal information and payment card data.

Delta Airlines Sues Chatbot Provider Over 2017 Data Breach

“Despite the existence of established (and contractually mandated) channels of communication between [24]7 and Delta, when [24]7 finally reached out to Delta about the Data Breach, it did so through the LinkedIn pages of individual Delta and [24]7 employees. Even when [24]7 finally issued an official communication, it too was short and inadequate. [24]7 provided just three sentences about the [24]7 breach on the [24]7 website,” the complaint read.

“To this day, no employee or other representatives of 24/7 Philippines has provided Delta formal detailed notice of the Data Breach,” it added.

To date, Delta wants to recover “millions of dollars” it had spent over the security breach – including the investigations and the costs needed in notifying affected customers, offering them credit monitoring products, and engaging call center support services.

24[7] is currently facing accusations of fraud, negligence and breach of contract from Delta. In the complaint, the airline company appealed to make 24]’s parent US company and its Philippine subsidiary become liable for the incident and for all breach-related cost Delta had spent.

“This has been an ongoing issue between the companies and nothing new has arisen, except that Delta has chosen to litigate this matter,” said Senior Vice President and Acting General Counsel William Bose.