Main Content

Updates on [24]7.ai Cyber Incident

Last Updated: April 13, 2018

 

Statement from Best Buy

Best Buy offers chat services for customers coming to us via their phone or computer. We, like many businesses, use a third-party for the technology behind this service and that company, [24]7.ai, told us recently that they were the victim of a cyber intrusion. Their information suggests that the dates for this illegal intrusion were between Sept. 26 and Oct. 12, 2017. [24]7.ai has indicated that customer payment information may have been compromised during that time and, if that were the case, then a number of Best Buy customers would have had their payment information compromised, as well.

Since we were notified by [24]7.ai, we have been working to determine the extent to which Best Buy online customers’ information was affected. We have done that in collaboration with our third-party vendor and have notified law enforcement. As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.

We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case. We will contact any affected customers directly and want to assure them that they will not be liable for fraudulent charges that result from this issue. Additionally, free credit monitoring services will be available if needed.

If you have any questions about this incident please contact us at 247incident@bestbuy.com.

 

Statement from [24]7.ai

SAN JOSE, Calif., April 4, 2018 -- [24]7.ai discovered and contained an incident potentially affecting the online customer payment information of a small number of our client companies, and affected clients have been notified. The incident began on Sept. 26, and was discovered and contained on Oct. 12, 2017. We have notified law enforcement and are cooperating fully to ensure the protection of our clients and their customers' online safety. We are confident that the platform is secure, and we are working diligently with our clients to determine if any of their customer information was accessed.

About [24]7.ai

[24]7.ai is redefining the way companies interact with consumers. Using artificial intelligence and machine learning to understand consumer intent, the company's technology helps companies create a personalized, predictive and effortless customer experience across all channels. The world's largest and most recognizable brands are using intent-driven engagement from [24]7.ai to assist several hundred million visitors annually, through more than 1.5 billion conversations, most of which are automated. The result is an order of magnitude improvement in digital adoption, customer satisfaction, and revenue growth. For more information, visit: http://www.247.ai.

[24]7 and [24]7.ai are trademarks of [24]7.ai, Inc. All other brands, products or service names are or may be trademarks or service marks of their respective owners.

Contact

Ian Bain VP, Corporate Communications Ian.bain@247.ai

 

Questions About the Incident

 

1. What happened?

We were recently told by [24]7.ai that malicious code was present in their software between Sept. 26 and Oct. 12, 2017, which allowed access to payment information for customers that shopped online between those dates. No other customer information was involved. Best Buy systems were not impacted.

2. Is the issue fixed?

[24]7.ai removed the malicious code on October 12, 2017. [24]7.ai engaged leading data security experts to assist with the subsequent investigation and confirm that the malicious code had been removed from its software and the unauthorized access had been stopped. Because of that, and changes we have made to how the [24]7.ai software operates on our site, the malicious code no longer poses a risk to customers shopping on our website.

3. What is [24]7.ai?

Best Buy offers chat services for customers shopping online at bestbuy.com. We, like many businesses, use a third-party, in our case [24]7.ai, for the technology behind this service.

4. When did the incident occur?

[24]7.ai has indicated that the malicious code was inserted in their software on Sept. 26, 2017, and was recognized and removed on Oct. 12, 2017.

5. How did you learn about the incident?

[24]7.ai notified Best Buy of this issue in late March, 2018.

6. How many customers/cards were affected by this data incident?

A small fraction of our total online shoppers were affected. Customers who made purchases in stores were not affected.

7. How do I know if I was impacted?

We have identified the impacted customers and are sending them letters with more information regarding the incident as well as instructions to sign up for identity protection services, including credit monitoring. If you are one of the impacted customers, you can expect to receive a letter within the next two-three weeks.

8. What should I do to protect my information?

If you have not received a letter yet, but believe that your payment card may have been impacted, as a precautionary measure, we encourage you to remain vigilant by doing the following:

  • Review your payment card account statements closely. Report fraudulent activity or suspected identity theft to your payment card issuer.
  • Monitor your free credit reports closely. You are entitled to one free credit report annually. To order your free credit report, visit annualcreditreport.com or call toll free at 1-877-322-8228. We encourage you to review your account statements and monitor your free credit reports.

9. What if I do not receive a letter notifying me that I was an impacted customer?

If you do not receive a letter within the next two-three weeks, it is because Best Buy does not believe you were one of the potentially affected consumers. If you moved and did not file a change of address with the Post Office, the delivery of the letter may be delayed or it may be returned as undeliverable to Best Buy. We will work to find alternative ways to notify you in these cases.

10. How do I get more information?

If you have any questions or would like additional information regarding this incident, please do not hesitate to call us at 1-800-886-7983 or email us at 247incident@bestbuy.com.