The online customer service platform [24]7.Ai was reportedly infected with Malware from September 27 through October 12 of last year and news of how bad the breach was is just beginning to seep out. The security breach became known and was announced earlier this week according to multiple sources, including one of the company’s breached, Best Buy. Since the tool is used to interact with customers, sometimes dealing with account issues, that means that many shoppers at Best Buy may have had their payment information and other data compromised. For clarity, this is the online tool many companies use for customer care. Other companies known to have been using the tech company’s services at the time include Delta Airlines, Sears, and Kmart. Other companies known to use the service include Hilton, AT&T, Citi, Best Buy, American Express, eBay, and Farmers Insurance. Of those, only American Express and Farmers Insurance have responded to say they weren’t affected.
The total number of accounts that may have been leaked is up into the hundreds of thousands, as of this writing, but it isn’t immediately clear how much was taken or what. For Best Buy’s part, the company has contacted law enforcement, is offering a free credit monitoring service, and the company will be contacting any customers that might have been affected. Those customers will not be responsible, according to the company, for any illegal transactions conducted with any information stolen. Delta began contacting customers back on April 4 and other companies involved will likely follow suit with their own responses to the breach.
In the meantime, Best Buy says that it is confident the percentage of users affected over the course of that period is low. Other companies have also said that none of the stolen data seems to have been used. However, any customer who was logging into those sites for transactions or customer service during that timeframe will need to be vigilant. Bad actors will often hold onto data for extended periods after this kind of activity or will attempt to sell it online. In either case, a relatively long span can elapse before somebody attempts to use what was stolen in an attempt to catch the victims of the theft off guard.