Name, address, and credit card numbers have been exposed on those companies' websites.
None of the companies' internal databases were actually breached.
A piece of malware temporarily residing in their online chat service may have harvested payment information once the transaction is completed.
Source: https://www.cnet.com/news/privacy/delta-sears-kmart-data-breach-credit-card-address/
"id": "SEA232115622",
"linkid": "sears",
"type": "Data Leak",
"date": "04/2018",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"