Consumer electronics retailer Best Buy on Thursday became the third major company to acknowledge that a portion of its customer payment information was exposed in a data breach of third-party chat and customer engagement services provider [24]7.ai.
Delta and Sears are also embroiled in the breach incident, which Gizmodo reported resulted from a malware attack that enabled the unauthorized access of payment card numbers, CVV numbers, expiration dates, and customer names and addresses.
"Since we were notified by [24]7.ai, we have been working to determine the extent to which Best Buy online customers' information was affected," reads a statement posted the $42 billion retailer. "We have done that in collaboration with our third-party vendor and have notified law enforcement. As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function."
Although the breach took place from Sept. 27 through Oct. 12, 2017, Sears and Delta said that the vendor did not notify them until March of this year. Best Buy's statement does not indicate when executives were informed of the incident, but it does not that the company will contact affected customers directly and will offer them free credit monitoring services, if needed.