Retail giant Sears and Delta Air Lines, one of the world’s largest carriers, announced that an undetermined number of their customers may have had their payment information accessed through an online chat service.

The service, operated by the San Jose-based tech company (24)7.ai, was compromised between Sept. 26 and Oct. 12 of last year, and information from customers of Delta, Sears and other corporate clients may have been accessed, according to statements by the companies.

The chat service appears on Delta.com websites and allows passengers to type in questions and make reservations with replies provided by an automated system. At the airline, the information may have been breached when passengers manually entered data to make a payment transaction, according to representatives for the carrier.

“In the event any of our customers’ payment cards were used fraudulently as a result of the (24)7.ai cyber incident, we will ensure our customers are not responsible for that activity,” Delta said in a statement to passengers that it pledged to update.

Sears issued a statement saying: “We believe this incident involved unauthorized access to less than 100,000 of our customers’ credit card information.”

— Los Angeles Times