UPDATE: Best Buy confirmed in a statement that a number of customers may have had their payment information compromised during the 7.ai payment breach.
Best Buy has not revealed the number of potential customers affected by the breach, indicating "a small fraction of our overall online customer population could have been caught up in this 7.ai incident, whether or not they used the chat function."
Sears confirmed that one of its customer support services experienced a security incident in fall 2017 that may have exposed credit card information of nearly 100,000 Sears customers. The incident also affected Delta Airlines consumers.
7.ai, an AI-powered chatbot platform that provides online support services to Sears and Kmart, notified Sears of the breach in mid-March 2017, the retailer revealed in a blog post. Sears immediately notified the credit card companies to prevent potential fraud, and launched an investigation with federal law enforcement authorities, banking partners and IT security firms.
Customers using a Sears-branded credit card were not impacted. There is no evidence that Sears and Kmart stores were compromised or that any internal Sears systems were accessed by those responsible. 7.ai said that its own technologies are now secure.
The announcement came a few days after two retailers unveiled data breaches of their own: Hudson’s Bay Co. confirmed a breach that affected by as many as five million shoppers and Under Armour revealedthat cybercriminals compromised its MyFitnessPal mobile app, affecting approximately 150 million accounts.
As more information becomes available, Sears will post updates to its corporate web site, http://searsholdings.com/update. Sears established a hotline for customers on 10 a.m. Eastern, April 6.