Best Buy Warns of Data Breach

Best Buy, along with Delta Air Lines and Sears, says that [24]7.ai, a company that provides the technology backing its chat services, was hacked between September 27 and October 12, potentially jeopardizing the personal payment details of "a number of Best Buy customers." The electronics company said in a statement that "as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident whether or not they used the chat function." They will reach out to customers who were impacted.

This is routine

[silverkniveshotmail.]

I'm not surprised or outraged anymore. On the bright side, credit monitoring is basically free for everyone forever.

There is a simple solution

[Anonymous Coward]

For in-store purchase, CASH!!!

Re:

[tlhIngan]

For in-store purchase, CASH!!!

Except it wasn't in-store purchases that were hacked. It was online purchases - the chat software was a SaaS package Best Buy, Sears, etc. all used that got hacked.

It's not about Point of Sale machines being hacked (this time), but how one company has software used by lots of other companies got hacked. Closest example would be bad ads being served up, except instead of the site hosting the ad, it was a piece of utility software instead.

Monotonous!

[mschaffer]

Let me know when someone hasn't been breached.
The real news is that nothing important is being done about it.
Nobody gets punished. Nothing happens except waiting for the next one.

Re: Monotonous!

[ArmoredDragon]

Hmm...no. I know for a fact that they're going to get fined by PCI. PCI-DSS is in many ways like HIPAA: It gives vague details about how your network and servers should be secured, (for example it says networks should be "segmented" with no clarification at all if vlans suffice) and basically "do your best". If payment details get leaked, then guess what? You didn't do enough to secure your network, so have a fine.

Though PCI also has a reputation of being in the business of fining anyone who processes credi

Why?

[srichard25]

Why would technology backing chat need any access to payment information?

Re:

[tlhIngan]

Why would technology backing chat need any access to payment information?

The problem was the chat software was hacked. So when you try to check out and enter your payment information, that little box that pops up asking if you need support then snarfs the data from the web page.

Basically, all these companies use a SaaS package from a company who was breached. That breach caused the software used to get the ability to steal information. It's less about Best Buy et al. storing the payment information, and mor

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[Ol Olsoc]

I may have to give up all my stuff, and learn how to speak Amish.

It's similar to English Canadian. Now let's get you a name - Caleb has a nice ring.

But it isn't all bad, if google searches for "Amish Porn" are any indication.

Who ya gonna call to clean up a mess like this?

[SpzToid]

Geek Squad! [npr.org]

The FBI paid Best Buy Geek Squad employees as informants, rewarding them for flagging indecent material when people brought their computers in for repair.

TRANSLATION

[JustAnotherOldGuy]

"as best we can tell, only a small fraction of our overall online customer population could have been caught up in this... incident"

Lol, "as best we can tell"

TRANSLATION: "They got all your data, every bit of it, but we're going to reveal this in a series of press releases in order to desensitize you to the scope of the loss."