Delta Air Lines and department store chain Sears Holding Corp said Wednesday that some of its customers' payment information may have been breached in a cyberattack last fall.
The companies said the incident involved (24)7.ai, a chat-services provider used by Delta, Sears and other companies.
Delta says only "a small subset" of customers were affected, with payment information exposed from Sept. 26 to Oct. 12. It says no other personal details about customers, such as their passport, security or frequent-flyer account information, was affected.
The Atlanta-based airline says (24)7.ai informed it of the breach last week. Delta brought in federal law enforcement and forensic teams and confirmed that the unauthorized access was cut off by October.
Delta says it will make sure customers aren't held responsible if their payment cards were used fraudulently. It will create a website Thursday to update customers.
Sears, which said it was made aware of the breach in mid-March, revealed that the incident allowed unauthorized access to credit card information of under 100,000 customers, Reuters reported.
The chain said its stores were not compromised and its internal systems were not accessed. It added that customers using Sears-branded credit cards were not affected.
(24)7.ai, which is based in San Jose, California, said a "small number" of its client companies had their online customer payment information potentially exposed. It said it is confident that its platform is now secure and is working with its clients to determine if any of their customer information was accessed.
The company says it works with industries ranging from financial services to healthcare and e-commerce.