David Goldman, AP
FILE - In this Jan. 30, 2017, file photo, a Delta Air Lines flight takes off from Hartsfield-Jackson Atlanta International Airport in Atlanta. A Delta plan flew in and out of San Juan, Puerto Rico, on Sept. 6, 2017, just before Hurricane Irma battered the island. (AP Photo/David Goldman, File)

Delta Air Lines and Sears both announced on Thursday that customer information from the two brands may have been exposed in a data breach, according to multiple reports.

Both clients use a software service that suffered from a cybersecurity breach that could affect online customer payment information, according to MarketWatch.

The cyber attack occurred last year from Sept. 26 and Oct. 12.

Delta and Sears said they learned about the breach last week.

Delta said in a statement that all personal details related to passports, government identification and SkyMiles credit card info were not impacted.

However, the company said “certain customer payment information” was breached.

“At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers' information was actually accessed or subsequently compromised,” the company said.

Delta said it will launch a response website for concerned customers.

The company said that if “our customers' payment cards were used fraudulently as a result of the … cyber incident, we will ensure our customers are not responsible for that activity.”

Meanwhile, Sears said the threat obtained information on customers’ credit card information for nearly 100,000 customers, according to CNBC.

However, Sears said in a statement that its stores were not compromised and it will have no impact on Sears-branded credit cards.

In response, Sears has also launched a website for concerned customers, as well as an express hotline.

“It is important to note that the policies of most credit card companies state that customers have no liability for any unauthorized charges if they report them in a timely manner,” the company’s statement said.

Last Friday, Under Armour announced that a data breach stole information from nearly 150 million people who use the company’s MyFitnessPal app, according to the Deseret News. Specifically, the hack stole people’s usernames, emails and passwords.

Under Armour said that people’s payment information was not stolen in the breach.

The company’s data breach comes at the same time as Facebook announced that third-party data firm Cambridge Analytica improperly bought 87 million people’s data, opposed to the original estimate of 50 million people.

As the Deseret News reported this week, companies often use our online habits to sell target ads and make money.

2 comments on this story

"The fact that I bought a pair of socks is not that damaging, but if suddenly you know everything I purchase, where I live, what sites I like to visit, all the public data associated with me, including my personal address, my business address, my contact information … suddenly you have a lot of really important data about me,” Charlotte Tschider, an international cybersecurity and privacy consultant in Minneapolis who teaches at the Mitchell Hamline School of Law, told the Deseret News. “And I probably would change how I felt about you having that data if I knew how much data you actually have.”