It’s been quite a week for data breaches so far, with Saks and Lord & Taylor, and Panera Bread kicking things off. Now Sears and Delta are joining the list.

A vendor called [24]7.ai, which provides online support and chat services for Sears and Delta, among other businesses, was the source of the breach. The vendor was hit with a malware attack sometime between September 27 and October 12 of this past year. As The Verge reports, “Customers who made online purchases from Sears and Delta during that time period could have had their credit card information compromised.” The information in question may have involved payment card numbers, CVV numbers, and expiration dates, as well as customers’ names and addresses.

Sears says that fewer than 100,000 of their customers were impacted. However, Delta has said that hundreds of thousands of travelers could be affected.

The cyberattack incident is currently under investigation. Gizmodo writes, “The nature of the malware involved has not been disclosed and it remains unclear whether the payment card information, which Delta says was entered by the customers themselves, got intercepted in transit or was improperly stored.”

Get the full story at Gizmodo.