The company, a customer services operation called [24]7.ai, suffered the breach between Sept. 26 and Oct. 12 last year. It said in a statement that the incident “potentially [affected] the online customer payment information of a small number of our client companies.”

Sears (SHLD) was one of those clients. In a separate statement, the retail giant said it believed “less than 100,000” of its customers were likely affected.

“We believe the credit card information for certain customers who transacted online between September 27, 2017 and October 12, 2017 may have been compromised,” Sears said. “Customers using a Sears-branded credit card were not impacted. In addition, there is no evidence that our stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai has assured us that their systems are now secure.”

Delta (DAL), meanwhile, said a “small subset” of its customers had been affected. The airline stressed that customers’ passport, security and frequent-flyer information had not been included in the breach.

The Atlanta-based carrier said it would set up a website for concerned customers on Thursday, while Sears said it would establish a hotline for customers by Friday morning.