Best Buy has now been added to the list of companies like Delta, Sears and Kmart who have been hit by a payment card breach. Hackers were able to get to Best Buy’s customers Payment data through an attack on their online services provider [24]7.ai. Best Buy used [24]7.ai for online chat/support services. Chris Olson, CEO at The Media Trust commented below.
Chris Olson, CEO at The Media Trust:
“This latest breach is a classic example of the challenges in securing today’s digital environment. More than 70% of the Best Buy website is provided by third parties, a typical composition for today’s websites which rely on third parties to provide the engaging and interactive functionality consumers expect. As belatedly realized by many enterprises, if not continuously monitored, these third parties can be compromised damaging consumer trust and brand reputation, all without their knowledge. Even worse, this situation represents significant PCI DSS compliance and data privacy failures. Unless security professionals have a true digital risk management program in place to monitor all code executing on their website using multiple user profile combinations, there really is no other way to defend their websites against breaches. This preventative stance is especially valuable for ecommerce website security, where there is a direct impact on revenue and sensitive customer information.”
