A software company that provides technology and chat services for numerous clients including Delta Air Lines was "involved in a cyber incident," according to a press release from the airline.
7.ai, the software company, says it discovered and contained the data breach on October 12, 2017. The cyber attack began September 26.
Delta says the breach on its supplier exposed some customer payment data but did not reveal personal data about the airline's customers, such as passport or SkyMiles information. Delta has launched a dedicated website to address customers' questions and concerns.
This latest cyber incident underscores the dire need for companies to have open channels of communication with their suppliers.
Although Delta’s system itself was not hit by the breach, a vendor’s was. Now the airline must deal with the repercussions of angry customers concerned about their privacy and a PR nightmare.
Attacks on a supplier can reverberate down the supply chain and affect a company’s systems and brand reputation. The ripple effect has led many companies to work with their suppliers to mitigate potential risks before they arise — anything from cyber attacks to labor and ethical issues.
Apple works closely with many of its factories in Asia to ensure high performance and monitor labor conditions. IKEA began taking a closer look at its suppliers to see where emissions could be cut. While many of those initiatives begin as a way to boost the company’s reputation, they often benefit the supplier, creating a safer value chain.
In extreme cases, companies found it necessary to cut ties with a risky vendor, as Cargill did with a palm oil supplier failing to meet sustainability goals. As for Delta's contracts and relationships with 7.ai, "we don't comment on or speculate about our business practices," Catherine Simmons, spokesperson for Delta Air Lines, told Supply Chain Dive.
In the grand scheme of things, the breach on 7.ai is relatively minor for Delta, given that it only exposed some customer payment data but not personal information, such as passport numbers. "There was no impact to the Fly Delta app, mobile delta.com or any other Delta computer system," the airline stated.
A larger cyber attack could shut down an entire grid, making systems vulnerable and delaying flights and the movement of cargo.