The personal data and payment information of Sears and Delta Air Lines customers may have been exposed in a data breach last year.
Sears and Delta said they were informed last month that some of their customers’ credit card information might have been compromised during online chat support provided by a software company called 7.ai . Both companies said the transactions were made from September 26 to October 12, 2017.
Sears Holding Corp said that data from “less than 100,000” customers might have been exposed, but customers using Sears-branded credit cards were not affected. Delta Air Lines did not say how many customers were affected.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” said Delta in a statement.
The companies said that law enforcement authorities have been notified.
“We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed,” said 7.ai, in a statement.
Delta said that customers will not be responsible for any fraudulent activity that might have been used with their compromised information. The airline launched a web site providing information on the cyber incident.
Cybercrime expert Brian Krebs tweeted about the breach on Wednesday: “In general I’d say these online chat features are a major cybersecurity liability for most corporations, esp. for threat from social engineering.”
Sears and Delta are the latest companies to get hit by data hacks.
Saks, Lord & Taylor said on Sunday that data was stolen on 5 million cards.
Facebook also raised eyebrows when it recently revealed that Cambridge Analytica, a data firm with ties to President Trump’s campaign, may have scraped data on 87 million people. Co-founder and chief executive Mark Zuckerberg said that efforts to improve security will be “never-ending.”