After information on 825,000 Delta Airlines customers was
exposed and potentially stolen by at least one hacker in 2017, the airline has
filed suit against chatbot vendor [24]7.ai, claiming poor security led to the
breach.Delta
also took aim at the vendor for waiting nearly six months to disclose the
breach, according to the suit filed in the U.S. District Court for the Southern
District of New York. Even then, disclosure was made via LinkedIn, the airline
said, rather than directly to Delta as their contract required.A bad actor likely credit card data as well and names and
addresses of the airline’s customers."What's
particularly interesting about this situation is that Delta seems to have had
contract provisions ("adequate security, including encryption"
according to the article) and had its provider sign a GDPR compliance addendum
in February 2018 requiring immediate breach notification, five months before
notifying Delta about the breach,” said Gary Roboff, Senior Advisor at
Shared Assessments.
“Delta says its vendor was aware of the breach when it signed that agreement.”But
the airline’s success with the suit may rest on how specific the contract
language is. “If Delta actually used the words ‘adequate security’ instead of
defining more precisely what good security hygiene means, that could be a
problem," said Roboff.
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds