Personal data and payment information of Sears and Delta Air Lines customers may have been exposed in a data breach last year.
Sears and Delta said they were informed last month that some of their customers’ credit card information might have been compromised during online chat support provided by a software company called 7.ai . Information security training analysts from both companies said the transactions were made from September to October of 2017.
Sears Holding Corp (SHLD)said that data from “less than 100,000” customers might have been exposed, but customers using Sears-branded credit cards were not affected. Delta Air Lines (DAL) did not say how many customers were affected.
“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised,” information security training professional at Delta said in a statement.
The companies said that law enforcement authorities have been notified.
“We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed,” said 7.ai, in a statement.
Delta said that customers will not be responsible for any fraudulent activity that might have been used with their compromised information. The airline launched a web site providing information on the cyber incident.
Information security training expert Brian Krebs tweeted about the breach on Wednesday: “In general I’d say these online chat features are a major cyber security liability for most corporations, esp. for threat from social engineering.”