If you’re a Best Buy customer, you’re going to want to check your credit cards. Just a day after Sears, Kmart, and Delta admitted that they were affected by the breach of the data firm 7.ai, Best Buy has come forth with a statement of its own, effectively raising its hand to say that it has been impacted as well.
“Best Buy offers chat services for customers coming to us via their phone or computer,” the company noted in a blog on its corporate website. “We, like many businesses, use a third-party for the technology behind this service and that company, 7.ai, told us recently that they were the victim of a cyber intrusion.”
This hack (in fact, a piece of malware) happened between September 27 and October 12 of 2017, and as a result, it would appear that payment information “may have been compromised.” And if 7.ai compromised customer payment information, that means that Best Buy customers were likely affected.
Best Buy notes that since the data firm gave notice of the potential risk, the company has been hard at work attempting to solidify “the extent to which Best Buy online customers’ information was affected.” And thus far, the electronics giant seems to be quite optimistic. In fact, it says, “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this 7.ai incident, whether or not they used the chat function.”
This is much better than Sears, Kmart, and Delta, who collectively believe that thousands of their own customers were likely victims of this attack. All the same, even if it is only a “small fraction” of Best Buy’s customer base, for folks who are impacted, it’s still far too many. To that end, the company noted, “We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case.”
In response to the attack, Best Buy has set up a website that customers can visit in order to ask questions or address concerns. Best Buy will also contact affected customers directly, and has noted that they will not be held accountable for any fraudulent charges that resulted from the data breach. Furthermore, the company is offering free credit monitoring services where needed.