This hack hit Sears, Delta and Best Buy through a subcontractor they all use. The breach hit in October, 2017. They were “informed” last month. So why wait a month to tell people? (Give the execs time to sell stock? That’s the cynic in me.) Best Buy says it was hit by same data breach as Sears and Delta
Best Buy said on Friday that some of its customers’ credit card information may have been compromised in a data breach that also hit Sears and Delta Air Lines.
The breach at a 3rd party company – 7.ai – that supports chat, occurred between late September and mid October of last year. That 3rd party waited until last month to inform their customers and they have waited until this month to inform their customers. And it looks like Best Buy only came clean because Sears and Delta went public yesterday. (So how long would they have waited?)
So I understand that shit happens. But why does everyone wait and wait and wait to tell the public? At this point in the 21st Century you should have a PR plan in place for when you get hacked. That should be in place now. You should be able to alert the public the day you have the breach closed. But the corporate “cover-your-ass” culture seems too ingrained for that. In at least 1 instance (memory fails me, but I would bet on Equifax, though that may just be because that breach still pisses me off) the execs sold shares before they announced the hack. (And before the stock fell.)
So tell me, is there ANY company in the world that can be trusted with customer data?