Best Buy is the latest company to say that some customers’ payment information may have been exposed in a data breach of a third-party vendor.
In recent days, Delta and Sears Holdings have also revealed that customer data may have been compromised in a cyberattack on the contractor, (24)7.ai.
Best Buy spokesman Jeff Shelman said the number of customers potentially affected is similar to that of Delta and Sears, which have said hundreds of thousands of customers could have been affected.
“As best we can tell, only a small fraction of our overall online customer population could have been caught up in this (24)7.ai incident,…” the company said. “We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case.”
Best Buy said it was recently notified by (24)7.ai that some of its customer payment information may have been compromised from Sept. 27 to Oct. 12. The Richfield, Minn.-based retailer said it has been working to determine the extent to which information was affected.
The company has set up a website to answer questions and concerns about the incident.
It said it will contact affected customers directly and said they will not be liable for fraudulent charges that might have resulted. It will also offer free credit monitoring to consumers if needed.
In its own statement, (24)7.ai said Wednesday that a “small number” of its clients were affected by the security incident and it has notified them.
“We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers’ online safety,” the company said.
“We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.”