Data Breach At Chatbot Service Potentially Affects 100,000 Sears Consumers

UPDATE: Best Buy confirmed in a statement that a number of customers may have had their payment information compromised during the [24]7.ai payment breach.

Best Buy has not revealed the number of potential customers affected by the breach, indicating “a small fraction of our overall online customer population could have been caught up in this [24]7.ai incident, whether or not they used the chat function.”


Sears confirmed that one of its customer support services experienced a security incident in fall 2017 that may have exposed credit card information of nearly 100,000 Sears customers. The incident also affected Delta Airlines consumers.

[24]7.ai, an AI-powered chatbot platform that provides online support services to Sears and Kmart, notified Sears of the breach in mid-March 2017, the retailer revealed in a blog post. Sears immediately notified the credit card companies to prevent potential fraud, and launched an investigation with federal law enforcement authorities, banking partners and IT security firms.

{loadposition GIAA}Sears said that credit card information for certain customers who transacted online between Sept. 27, 2017 and Oct. 12, 2017 may have been compromised.Hackers may have accessed names, addresses, credit card numbers, CVV numbers and expiration dates for “several hundred thousand” customers of Sears and Delta during that time.

Customers using a Sears-branded credit card were not impacted. There is no evidence that Sears and Kmart stores were compromised or that any internal Sears systems were accessed by those responsible. [24]7.ai said that its own technologies are now secure.

The announcement came a few days after two retailers unveiled data breaches of their own: Hudson’s Bay Co. confirmed a breach that affected by as many as five million shoppers and Under Armour revealedthat cybercriminals compromised its MyFitnessPal mobile app, affecting approximately 150 million accounts.

As more information becomes available, Sears will post updates to its corporate web site, http://searsholdings.com/update. Sears established a hotline for customers on 10 a.m. Eastern, April 6.