Delta Air Lines and Sears say they are working to determine the extent of data breaches last year that impacted customers. File Photo by John Angelillo/UPI | License Photo
April 5 (UPI) -- Delta Air Lines and Sears are the latest major U.S. companies to report data breaches, as the companies investigate the impact on customers' privacy.
The breaches, announced Wednesday, occurred between Sept. 26 and Oct. 12 -- through 7.ai, the vendor that provides online chat services for both companies. Neither Delta nor Sears said exactly how many customers may have been affected, but Sears said it was "less than 100,000."
Delta said it was notified of the breach last week. Certain payment information for 7.ai clients may have been accessed. No other customer personal information, such as passports, government IDs, security or SkyMiles was breached, the carrier said.
The airline contacted federal law enforcement and forensic teams.
"At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised," Delta's statement said. "We appreciate and understand that this information is concerning to our customers. The security and confidentiality of our customers' information is of critical importance to us and a responsibility we take extremely seriously."
On Thursday, Delta was launching a dedicated website -- delta.com/response -- to address customer questions and concerns. The company also will contact customers who may have been impacted and said that if a payment card was used fraudulently, the customer will not be held responsible.
Sears said in a statement the incident involved unauthorized access to fewer than 100,000 Sears and Kmart credit cards. Customers using a Sears-branded credit card were not affected.
"As soon as 7.ai informed us in mid-March 2018, we immediately notified the credit card companies to prevent potential fraud and launched a thorough investigation with federal law enforcement authorities, our banking partners and IT security firms," Sears said.
Sears is establishing a hotline for customers on Friday and posting more information on the company's website as it becomes available.
A statement issued Wednesday by 7.ai said the incident was contained Oct. 12 and its platform is secure.
"7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies and affected clients have been notified. The incident began on Sept. 26 and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed."