Best Buy hit by [24]7.ai data breach, too

It's not just Delta, Sears and Kmart ...

Sean Hollister Senior Editor / Reviews
When his parents denied him a Super NES, he got mad. When they traded a prize Sega Genesis for a 2400 baud modem, he got even. Years of Internet shareware, eBay'd possessions and video game testing jobs after that, he joined Engadget. He helped found The Verge, and later served as Gizmodo's reviews editor. When he's not madly testing laptops, apps, virtual reality experiences, and whatever new gadget will supposedly change the world, he likes to kick back with some games, a good Nerf blaster, and a bottle of Tejava.
Sean Hollister
2 min read
Sarah Tew/CNET

Earlier today, we learned that hundreds of thousands of Delta Airlines, Sears and Kmart online shoppers may have had their names, addresses, and credit card information stolen by hackers. Now, you can add Best Buy to that list. 

The big-box electronics retailer says it was also affected by the same breach, due to Best Buy's use of online customer service software from [24]7.Ai during a 15-day period when that third party firm's online chat tool was infected with malware. 

(You don't need to have used the online chat software to be affected. Delta, for one,  believes that if you entered billing information into these companies' desktop websites between Sept. 26 and Oct. 12, 2017, there's a chance your information was compromised.)

Best Buy hasn't said how many of its customers were affected, but indicated the the number is small. "As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function," the company said in a statement.

It's important to note that none of these companies has yet confirmed whether any personal information was actually stolen. They've merely said there was an opportunity for it to have been taken.

Regardless, Best Buy says it will offer free credit monitoring services to those who want them, and is assuring its customers they won't be liable for any illegal transactions. 

We're still wondering if more companies were affected. A January profile of [24]7.ai listed American Express, AT&T, Citi, eBay, Farmers Insurance and Hilton as clients of the chat company, as well. 

American Express and Farmers Insurance confirmed they weren't affected by the breach.

Updated 4/6 at 7:07 a.m. PT: Adds information from Farmers Insurance.