Best Buy customer info may have been exposed in data breach

It’s been a week filled to the brim with customer security compromises, and here’s one more to add to the pile. A day after Sears, Kmart and Delta confirmed that they’d been impacted by a breach of data firm, [24]7.ai, Best Buy issued a public statement noting that it’s in the same boat.

At last count, Sears, Kmart and Delta believe that thousands of customers have potentially had data exposed. In its own statement, Best Buy seems slightly more optimistic about its own numbers, but from the sound of things, it’s still relatively early in the investigation.

“Since we were notified by [24]7.ai, we have been working to determine the extent to which Best Buy online customers’ information was affected,” the company said in the statement. “We have done that in collaboration with our third-party vendor and have notified law enforcement. As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”

Of course, a “small fraction” of the company’s overall online customer population still has the potential to be a fairly large number. According to [24]7.ai, the “cyber intrusion” occurred some time between September 27 and October 12, 2017, exposing customer payment information in the process.

The information was exposed by a piece of malware impacting [24]7.ai’s chat tool on October 12. The service says it issued an immediate fix and began an internal investigation into the source of the malicious code.