Delta Airlines Inc. has filed a lawsuit against a firm that powered a chatbot on its website. The lawsuit alleges that [24]7.ai Inc. did not have basic cybersecurity safeguards while it ran a service powered by artificial intelligence (AI) on the carrier’s website last year and in 2017, The Wall Street Journal reported.
The suit claims that [24]7 waited over five months to tell the airline about the breach instead of immediately informing it. It also says that when it did tell the airline, it did so through LinkedIn in lieu of official channels.
In an email through a spokesperson per WSJ, [24]7 Senior Vice President and Acting General Counsel William Bose said, “This has been an ongoing issue between the companies and nothing new has arisen, except that Delta has chosen to litigate this matter.”
The airline claims that 24[7] fell short of implementing basic security controls like forbidding workers from using the same login credentials or requiring multifactor authentication for employees accessing source code. According to the news outlet, hackers changed the source code of the chatbot via compromised credentials. They then monitored the website activity of the carrier and took data entered by visitors.
Delta did not comment to the WSJ, nor did a lawyer representing the carrier. The carrier disclosed the incident in 2018, noting that card details, as well as personal information from up to 825,000 clients, were exposed. According to the suit, Delta is seeking reimbursement for all breach-related costs. The carrier has not disclosed expenses related to the incident.
The news comes after reports surfaced last April that Delta and Sears disclosed that some of their customers’ payment information could have been exposed as part of a data breach at [24]7.ai. According to WSJ, [24]7.ai. taps into AI to make products like chatbots, digital advertising services and consumer analytics programs.
