Count Best Buy Co. Inc. as another unwilling member of the [24]7.ai Inc. breach that has yielded customer payment information already from Sears Holdings Inc. and Delta Air Lines Inc. In a statement released Thursday, Best Buy disclosed that an unspecified number of customers were affected when the online chat vendor’s network was infiltrated last fall.
San Jose, Calif.-based [24]7.ai said the breach began Sept. 26 and was discovered and “contained” on Oct. 12. Sears and Delta revealed their ensnarement Wednesday. Minneapolis-based Best Buy said, “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.” Best Buy said data from its customers was affected from Sept. 27 through Oct. 12.
While many merchants have taken aggressive measures to safeguard payment data, the prospect of an incident with a service provider is a serious issue. In its Global Security Report 2018, data-security provider Trustwave said service providers accounted for 9.5% of the more than 700 data compromises the Chicago-based firm investigated in 2017. That is up significantly from 1% in 2016.