Delta Air Lines joins Amazon in confirming third-party data leak


The airline emphasized that its systems were unaffected, with the exposed employee details coming from a third-party vendor.

While Delta did not name the vendor from which attackers siphoned staff details, the cyber bandits behind the leak were very clear about how they obtained them – from MOVEit, a file transfer software product. Earlier this week, attackers posted a massive dataset containing details of many organizations, including Amazon, HP, Lenovo, UBS, and others.

“No Delta systems have been compromised and our information security team, after a thorough investigation, has validated that this data is internal directory information that originated from a third party,” Delta told Cybernews.

According to the company, the leaked data includes “names, contact information, and office location but no sensitive personal information.” Earlier this week, Amazon also confirmed its data was exposed via a third-party vendor.

While Delta did not disclose how many people were exposed in the leak, the cybercrooks’ post revealing the dataset said that they have over 57,000 of the airline’s records.

Why does the leak matter?

While the information in the dataset comes from an earlier breach, Cybernews researchers believe that organizing stolen details helps malicious actors – easier-to-navigate data at least saves time in preparing an attack.

Meanwhile, the people behind the leak published a manifesto saying their goal was to raise awareness about data security. While companies should take privacy seriously, a less harmful way to do this would be to inform the impacted organizations that their information was exposed.

The attacks that allowed the theft of copious amounts of data primarily happened in 2023, after cybercriminals exploited a zero-day bug in MOVEit Transfer, a managed file transfer product, and took the data stored there. The hacks’ return to the headlines shows that malicious actors are still trying to find ways to profit from the stolen data, Kevin Robertson, Chief Operating Officer (COO) of Acumen Cyber, said.

“The attack hasn’t had anywhere near the media coverage this year as it received last year, but this latest update shows that attackers are continuing to monetize from the data,” Robertson said.

Interestingly, the recent leak’s authors, who go by the moniker Nam3L3ss, most likely had nothing to do with the original MOVEit Transfer hacks. Robertson said that the attacks serve as a reminder of the deep impact third-party vendor attacks have on organizations, as the data that ends up on the dark web often stays there for a very long time.