Best Buy Impacted by Same Data Breach as Sears
Best Buy said on Friday that some of its customers’ credit card information may have been compromised in a data breach that also hit Sears and Delta Air Lines. All three companies use a third-party firm, 7.ai, to provide online and mobile chat services for customers. Best Buy said in a blog post that 7.ai told the company that it was " the victim of a cyber intrusion. Their information suggests that the dates for this illegal intrusion were between Sept. 27 and Oct. 12, 2017." The blog post continued: "As best we can tell, only a small fraction of our overall online customer population could have been caught up in this 7.ai incident, whether or not they used the chat function." Best Buy said it would contact any affected customers directly and wants to assure them that "they will not be liable for fraudulent charges."
Total Retail's Take: As we reported last week, there have been a flurry of data breaches recently. Sears and Best Buy are victims in the same third-party breach; Panera Bread recently announced that it left the data of millions of customers online for eight months or more before removing it from its website; and we reported that hackers stole information from more than 5 million credit and debit cards used at select Saks Fifth Avenue, Saks Off 5th and Lord & Taylor stores. Lastly, in late March, Under Armour admitted that about 150 million user accounts tied to its MyFitnessPal nutrition-tracking app were breached earlier this year. While data security is an obvious concern for consumers and retailers, brands must also consider the security practices of their third-party partners. Security experts, reportedly, have raised concerns about how the recent breach was handled. Chat provider 7.ai didn't issue a press release until last week, and Sears reportedly wasn't notified until the middle of last month. Urgency is critical when alerting potential victims of a data breach. To their credit, the retailers affected in this incident were much more forthcoming than 7.ai. Best Buy and Sears moved quickly to contact their customers once they had been notified of the security incident.