Best Buy said on Friday that some of its customers’ credit card information may have been compromised in a data breach that also hit Sears and Delta Air Lines.
All three companies use a third-party firm, called 7.ai, to provide online and mobile chat services for customers.
Best Buy said in a blog post that 7.ai told the company that an “illegal intrusion” occurred between September 27 and October 12, 2017.
“As best we can tell, only a small fraction of our overall online customer population could have been caught up in this 7.ai incident, whether or not they used the chat function,” the post said.
Best Buy says it was hit in the same time period when Sears Holding Corp. and Delta Air Lines customer data was exposed in a cyberattack.
Sears and Delta were the first to say they were impacted. The companies said Thursday that some of their customers’ payment information might have been compromised during online chat support.
Sears said that data from “less than 100,000” customers might have been exposed, but Sears-branded credit cards were not affected. Delta didn’t say how many people were affected.
7.ai said, in a statement after the Sears and Delta cyberattack was revealed, that it was “confident that the platform is secure.”