Delta Air Lines, Inc. and its online chat service provider, 7.ai, are on the receiving end of a proposed class action lawsuit filed in the wake of revelations that the personal identification and payment card information of many of the airline’s customers was accessible to hackers between September and October 2017. Although the data breach took place last fall, Delta and its third-party chat provider only notified proposed class members of the malware attack in April 2018, leaving their sensitive data out in the open without their knowledge for roughly six months, the lawsuit states.
Hundreds of thousands of Delta customers who reserved plane tickets online are believed to be affected by the data breach, according to the lawsuit. The case claims the malware attack itself may have been preventable given the frequency of such data breaches and the “well-publicized litigation” that often follows.
“The data breach was also a result of [the defendants’] failure to establish and implement appropriate administrative, technical, and physical safeguards to ensure the security and confidentiality of [the plaintiff’s] and [proposed class members’] [personally identifiable information] to protect against reasonably foreseeable threats to the security or integrity of such information.”