[BreachExchange] Best Buy says some customers could be affected by data breach of third-party vendor

Audrey McNeil audrey at riskbasedsecurity.com
Thu Apr 5 18:57:12 EDT 2018 

http://www.startribune.com/best-buy-says-some-customers-
could-be-affected-by-data-breach-of-third-party-vendor/478914003/

Best Buy is the latest company to say that some customers' payment
information may have been exposed in a data breach of a third-party vendor
that runs the retailer's online chat services.

In recent days, Delta and Sears Holdings have also revealed that customer
data may have been compromised in a cyberattack on the contractor, [24]7.ai.

Best Buy spokesman Jeff Shelman said the number of customers potentially
impacted is similar to that of Delta and Sears, which have said hundreds of
thousands of customers could have been affected.

"As best we can tell, only a small fraction of our overall online customer
population could have been caught up in this [24]7.ai incident, whether or
not they used the chat function," the company said. "We are fully aware
that our customers expect their information to be safeguarded and apologize
to the extent that did not happen in this case."

Best Buy said it was recently notified by [24.]7.ai that some of its
customer payment information may have been compromised from Sept. 27 to
Oct. 12. The Richfield-based retailer said it has been working to determine
the extent to which customer information was affected.

The company has set up a website to answer questions and concerns about the
incident.

It said it will contact affected customers directly and said they will not
be liable for fraudulent charges that might have resulted. It will also
offer free credit monitoring to consumers if needed.

"Out of an abundance of caution, we have disabled chat from the sensitive
parts of our site," Shelman said.

In its own statement, [24]7.ai said Wednesday that a "small number" of its
clients were affected by the security incident and it has notified them.

"We have notified law enforcement and are cooperating fully to ensure the
protection of our clients and their customers' online safety," the company
said. "We are confident that the platform is secure, and we are working
diligently with our clients to determine if any of their customer
information was accessed."

In recent weeks, there have been a rash of cyberattacks. Some other
companies that have been affected include Hudson's Bay (the owner of Saks
Fifth Avenue) and Under Armour.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180405/2ce20662/attachment.html>

More information about the BreachExchange mailing list