The payment data of Sears, Kmart and Delta Air Lines customers may have been compromised in a cybersecurity attack on a software service provider.

The breach, which happened in late September 2017 at [24]7.ai, was resolved on October 12 the same year, according to a MarketWatch report.

The two retailers and Delta acknowledged the potential data exposure this week, stating they learned of the incident last week.

"At this point, even though only a small subset of our customers would have been exposed, we cannot say definitively whether any of our customers’ information was actually accessed or subsequently compromised," Delta said in a statement.

A New York Post report stated just a “small subset” of Delta customers were affected, according to the airline. The airline is reportedly building a website to inform customers and update customers on the incident.

Sears, according to MarketWatch, said the breach may have provided unauthorized access to 100,000 customers’ credit card data but that stores, or internal systems were not impacted.