Delta Air Lines acknowledged this week that information from its internal directory was leaked in a data breach of a third party, but said it did not include any sensitive employee information.
The data included “things like names, contact information and office location,” but no sensitive personal data, according to the Atlanta-based airline.
The Delta data was part of a much larger hack into employee directories of a couple dozen large companies, including Amazon, Charles Schwab and McDonald’s, according to a blog post by cybercrime intelligence firm Hudson Rock.
According to Hudson Rock, the stolen data posted in a cybercrime forum dates back to May 2023 and is related to a vulnerability in MOVEit file transfer software widely reported last year. It included more than 57,000 records from Delta, Hudson Rock said. Delta has roughly 100,000 employees.
Among the other organizations impacted by the MOVEit breach last year was the University System of Georgia.
Delta said none of its systems have been compromised and its information security team “has validated that this data is internal directory information that originated from a third party.”
“Delta teams work continuously to safeguard Delta’s data as the security and integrity of that information is of the utmost importance,” the company said.
Hudson Rock said in its blog post that the hacker’s message about the data “suggests an intent to make organizations aware of the potential threats and weaknesses in their systems, while also publicizing the data for malicious actors who may misuse it.”
The U.S. Securities and Exchange Commission’s Division of Enforcement in October 2023 issued a subpoena seeking documents and information from Progress Software on the vulnerability to its MOVEit software.
In August, Progress Software said the SEC’s fact-finding investigation had concluded and the SEC notified Progress that “it does not intend to recommend an enforcement action against the company at this time.”
___
© 2024 The Atlanta Journal-Constitution
Distributed by Tribune Content Agency, LLC.