Best Buy Buries Comments on Cyberattack

Print Email

Best Buy Co. Inc. (NYSE: BBY) was hit by a cyberattack. Try to find the announcement at the Best Buy website. It is not on the home page, where it would be most visible. It is in a blog post, where few Best Buy customers can or will find it.

Under the “Blogs” section of the Best Buy website, an unidentified “staff writer” posted:

Best Buy Statement On [24]7.Ai Cyber Incident

Best Buy offers chat services for customers coming to us via their phone or computer. We, like many businesses, use a third-party for the technology behind this service and that company, [24], told us recently that they were the victim of a cyber intrusion. Their information suggests that the dates for this illegal intrusion were between Sept. 27 and Oct. 12, 2017. [24] has indicated that customer payment information may have been compromised during that time and, if that were the case, then a number of Best Buy customers would have had their payment information compromised, as well.

Since we were notified by [24], we have been working to determine the extent to which Best Buy online customers’ information was affected. We have done that in collaboration with our third-party vendor and have notified law enforcement. As best we can tell, only a small fraction of our overall online customer population could have been caught up in this [24] incident, whether or not they used the chat function.

We are fully aware that our customers expect their information to be safeguarded and apologize to the extent that did not happen in this case. We encourage any customer with questions or concerns to visit a website we have established in response to this incident. We will contact any affected customers directly and want to assure them that they will not be liable for fraudulent charges that result from this issue. Additionally, free credit monitoring services will be available if needed.

So, the value of the “apology” is obscured by its location.

Two other companies have been identified as having similar problems. These are Delta Air Lines and Sears Holdings, which owns Kmart and Sears.

Best Buy has used “worst practices” as it announced the cyberattack problem. How can people know they have a problem if they cannot find out what the problem is? What a shame.

I'm interested in the Newsletter