Impact Of Chat Service Breach Expands To Best Buy, Kmart

A breach that exposed the credit card information of Delta Air Lines and Sears Holdings now expands its impact to include Best Buy and Kmart.

The number of companies coming forward as victims of a data breach that potentially exposed the credit card payment information of hundreds of thousands of customers has expanded to include Best Buy and Kmart.

Last week, software service provider [24]7.ai, a company that provides online chat services for Delta, Sears and other companies, announced that its platform was a victim of a data breach in 2017. Hackers targeting [24]7.ai were able to collect payment information for its clients.

On Wednesday, Delta Air Lines and Sears came forward to announce that they had been impacted – and on Friday, the number of impacted companies expanded to include Best Buy, which said in a statement that a “small fraction” of its customers have had their payment information compromised due to a [24]7.ai malware attack that led to the breach.

“Since we were notified by [24]7.ai, we have been working to determine the extent to which Best Buy online customers’ information was affected,” said Best Buy in a statement.

“We have done that in collaboration with our third-party vendor and have notified law enforcement,” said the statement. “As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”

Best Buy said that it will contact any impacted customers directly.

The attacks began on Sept. 26, 2017 and continued through Oct. 12, according to [24]7.ai. The service provider said its systems were targeted in a malware attack, but declined to detail the nature of the incident or how many clients were impacted. The company said last week that its systems are now secure.

Kmart, which is owned by Sears Holdings, said in a statement that it is “working closely with federal law enforcement authorities, our banking partners, and IT security firms in this ongoing investigation. We cannot comment on any specific activities by those parties; please direct any questions to them.”

In a statement, [24]7.ai said that a “small number of our client companies” were impacted.

Last week, the attack was first pegged as potentially exposing the credit card information of hundreds of thousands of Delta Air Lines and Sears Holdings customers.

Sears, which said in a statement that it was informed of the breach in mid-March, said it believed the incident involved access to less than 100,000 customers’ credit card information.

Delta, meanwhile, said only “a small subset” of customers had been impacted, but did not specify the number. The airline company was informed of the breach on March 28.

“The question needs to be asked, who are our partners, what are their security practices, what data are we sharing, and what systems will they have access to? In this example, [24]7.ai – the software service provider for Sears (and many other large retail and airline brands) – became the source for the breach exposing customer credit card data,” said Anthony James, CMO at CipherCloud.

Discussion

  • Anonymous on

    Why the heck would you let your 3rd party chat vendor have access to customer credit card information? wow. the common sense train didn't stop at these companies.
    • Anonymous on

      I'm wondering if the vendor outsourced chat support help as well, and 'needed' access to payment information to help resolve customer issues. Of course that should have been a huge red flag...
  • Anonymous on

    you can't fix stupid
  • Anonymous on

    Best Buy has always been full of s#!t for a long time. I will be finding a new place to take my computer for service. Hard to trust anybody with a computer business. Their customer service over the phone is crap!
  • Darius on

    This article is an example of what can happen when you utilize 3rd party tools on your site. In this case, the 3rd party was hacked, and so the tool could screen scrape on all your users including customer order entry screens, provide malware and adware, misdirection of information, etc. Basically, hijack your site.
