But this data breach is a little different. Hackers didn't penetrate Best Buy's system; they broke into a company that manages Best Buy's customer chat platform.
The company in question is [24]7.ai. Between September 27 and October 12 of last year, it suffered a breach of its network system. Hackers were able to access all kinds of company data, including Best Buy customers' payment card information.
“Since we were notified by [24]7.ai, we have been working to determine the extent to which Best Buy online customers’ information was affected,” the company said in a statement. “We have done that in collaboration with our third-party vendor and have notified law enforcement.”
Best Buy says only “a small fraction” of the company's online customers have been affected. However, it says customers didn't have to use the chat function to be compromised.
Best Buy customers who think they could have been affected are encouraged to visit this website for more information about the breach.
“We will contact any affected customers directly and want to assure them that they will not be liable for fraudulent charges that result from this issue,” the company said. “Additionally, free credit monitoring services will be available if needed.”
What to do
Consumers who learn their payment card information was compromised should contact the card's issuer and report it. The institution will likely issue a new card.
It is also important to carefully monitor accounts and look for fraudulent charges. By law, consumers' liability for fraudulent credit card charges is limited to $50 if the charge is reported promptly. In this case, Best Buy says affected customers will not be liable for any fraudulent charges.
Best Buy customers who see fraudulent charges on their credit or debit card accounts should also inform Best Buy at 247incident@bestbuy.com.