April 9, 2018

Best Buy Warns of Data Breach Affecting Customers’ Payment Information

Major retailer Best Buy has said that some of its customers’ credit and payment card details may have been compromised in a data breach that has also impacted Sears and Delta Air Lines.

In a public disclosure, Best Buy has revealed that a breach affecting third-party technology vendor [24]7.ai between September 27 and October 12, 2017, could also mean that ‘a number of Best Buy customers would have had their payment information compromised’.

Best Buy says it notified law enforcement while collaborating with the affected third-party vendor to determine the extent to which Best Buy online customers’ information was affected. The information was exposed by a piece of malware that targeted and impacted the vendor’s chat tool. [24]7.ai claims it issued an immediate fix before beginning an internal investigation into the source of the malware.

In an excerpt, Best Buy stated:

“As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”

A “small fraction” of the retailer’s online customer population could potentially be a fairly large number. Best Buy added that it was hit during the same period in which Sears and Delta Air Lines customer data was exposed in the cyberattack.

While Delta didn’t reveal how many customers were impacted by the data breach, Sears said that data from “less than 100,000” customers may have been exposed as a result of the breach. Meanwhile, the third-party vendor said it was “confident that the platform is secure” after the Sears and Delta cyberattack was revealed.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high-profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.