A breach at a software provider has compromised the credit card information of numerous Delta Air Lines Inc. and Sears Holding Corp. customers, according to the two companies.

The outside provider in question is [24]7.ai Inc., which sells tools for managing contact center operations. According to a statement issued by Delta today, several hundred thousand flyers may have been affected. Sears, in turn, said that fewer than 100,000 customers are affected.

The two companies shared some information about the breach in their respective announcements. Sears said that it was notified by [24]7.ai in mid-March about an incident that the latter firm claimed took place from Sept. 27 to Oct. 12 of last year. Delta went into more detail, specifying that the customer service provider’s systems were infected with malware designed to steal payment information.

According to the airline, the attackers had access only to credit card details that customers typed in manually while purchasing tickets online. Delta said flyers who used its Delta Wallet application to enter the information automatically weren’t affected.

As for the stolen information, the airline said the malware compromised user addresses, card numbers, CVV numbers and card expiration dates. Sears didn’t specify what data was exposed about its customers, but it’s reasonable to assume the same details were involved, given the common source of the breach.

The breach at [24]7.ai is the latest in a string of high-profile cyberattacks that have come to light recently. Just a week ago, Under Armour Inc. revealed that hackers had stolen account details belonging to 150 million users of its popular MyFitnessPal diet tracking app. A few days before that, Expedia Inc. disclosed a security incident at its Orbitz travel booking site that may have compromised the payment information of as many as 880,000 customers.

Both Delta and Sears have committed to contacting users whose information may have been stolen in the breach.

Image: Pixabay