Best Buy says some customers could be affected by data breach of third-party vendor

Same vendor, [24]7.ai, may have exposed Sears and Delta customer data.

April 6, 2018 at 1:02AM
Shoppers make their way around the parking lot at the Best Buy store Tuesday, May 23, 2017, in Orange, Calif. (AP Photo/Chris Carlson)
Shoppers make their way around the parking lot at the Best Buy store Tuesday, May 23, 2017, in Orange, Calif. (The Minnesota Star Tribune)

Best Buy is the latest company to say that some customers' payment information may have been exposed in a data breach of a third-party vendor that runs the retailer's online chat services.

In recent days, Delta and Sears Holdings have also revealed that customer data may have been compromised in a cyberattack on the contractor, [24]7.ai.

Best Buy spokesman Jeff Shelman said the number of customers potentially affected is similar to that of Delta and Sears, which have said hundreds of thousands of customers could have been affected.

"As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function," the company said. "We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case."

Best Buy said it was recently notified by [24]7.ai that some of its customer payment information may have been compromised from Sept. 27 to Oct. 12. The Richfield-based retailer said it has been working to determine the extent to which information was affected.

The company has set up a website to answer questions and concerns about the incident.

It said it will contact affected customers directly and said they will not be liable for fraudulent charges that might have resulted. It will also offer free credit monitoring to consumers if needed.

"Out of an abundance of caution, we have disabled chat from the sensitive parts of our site," Shelman said.

In its own statement, [24]7.ai said Wednesday that a "small number" of its clients were affected by the security incident and it has notified them.

"We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety," the company said.

"We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed."

In recent weeks, there have been a rash of cyberattacks. Some other companies that have been affected include Hudson's Bay (the owner of Saks Fifth Avenue) and Under Armour.

Kavita Kumar • 612-673-4113

about the writer

about the writer

Kavita Kumar

Community Engagement Director

Kavita Kumar is the community engagement director for the Opinion section of the Star Tribune. She was previously a reporter on the business desk.

See More

More from Business

card image
FILE -- President Donald Trump signs the tax reform bill in the Oval Office of the White House in Washington, Dec. 22, 2017. Republicans are pouring government stimulus into a steadily strengthening economy, adding economic fuel at a moment when unemployment is low and wages are beginning to rise, a combination that is stoking fears of higher inflation and ballooning budget deficits. (Doug Mills/The New York Times)