(Reuters) – Department store chain Sears Holding Corp and Delta Air Lines Inc said on Wednesday some of their customer payment information may have been exposed in a cybersecurity breach at software service provider [ 24]7.ai.
Sears said it was notified of the incident in mid-March and the incident led to unauthorized access to the credit card information of under 100,000 of its customers.
Technology firm [ 24]7.ai, which provides online support services for Delta, Sears and Kmart among other companies, found that a cybersecurity incident affected online customer payment information of its clients, it said.
The incident happened on or after Sept. 26, 2017 and was found and resolved on Oct. 12, the company said.
Personal details related to passport, government identification, security and SkyMiles information were not impacted, Delta said.
The No. 2 U.S. carrier said while a small subset of its customers would have had their information exposed, it cannot be said with certainty if their information was accessed and compromised.
Sears said its stores were not compromised and their internal systems were not accessed in the breach. There was no impact on the information of customers using a Sears-branded credit card, the retailer said.