Delta Air Lines is suing tech vendor [24]7.ai for a 2017 data breach that may have compromised the personal and payment information of up to 825,000 of the airline’s customers.

[24]7 managed the chat function on Delta’s website. A hacker was able to exploit insufficient user authentication protocols to access [24]7’s computer systems, according to the complaint. The hacker was able to scrape personally identifying information and payment card data that customers input to the site for several weeks in 2017.

Not only did [24]7 allow the breach to occur, it waited more than five months to notify Delta,...