Sears Home Services AI Chatbot Exposed Millions of Customer Conversations
Security researcher Jeremiah Fowler uncovered a major data exposure involving Sears Home Services, the largest appliance repair provider in the U.S., which performs over seven million repairs annually. Between 2024 and early 2025, three unsecured databases containing 3.7 million chat logs, 1.4 million audio files, and text transcripts were left publicly accessible online.
The exposed data included customer interactions with "Samantha," Sears’ AI virtual assistant, powered by the company’s "kAIros" technology. Records revealed personal details such as names, phone numbers, home addresses, appliance information, and repair appointment schedules. Many conversations were in both English and Spanish.
Of particular concern were the audio recordings, some lasting up to four hours, far longer than the intended customer service calls. Fowler noted that ambient audio, including private conversations and background noise, was captured after customers believed their calls had ended. This raised significant privacy risks, as sensitive discussions may have been recorded without consent.
Fowler reported the exposure to Transformco, the parent company of Sears and Sears Home Services, in early February. The databases were secured shortly after, though it remains unclear how long they were exposed or whether unauthorized parties accessed them. Transformco did not respond to requests for comment.
The incident highlights vulnerabilities in AI-driven customer service systems, where cost-saving measures may overlook critical security safeguards. The exposed data could be exploited for phishing scams, warranty fraud, or other targeted attacks, given the detailed personal and household information it contained.
Sears cybersecurity rating report: https://www.rankiteo.com/company/sears
Sears Home Services cybersecurity rating report: https://www.rankiteo.com/company/sears-home-services
"id": "SEASEA1773750849",
"linkid": "sears, sears-home-services",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Millions',
                        'industry': 'Home Appliance Repair',
                        'location': 'U.S.',
                        'name': 'Sears Home Services',
                        'size': 'Large (7 million repairs annually)',
                        'type': 'Corporation'}],
 'attack_vector': 'Unsecured Database',
 'data_breach': {'file_types_exposed': ['Audio (.mp3/.wav)', 'Text'],
                 'number_of_records_exposed': '5.1 million (3.7M chat logs + '
                                              '1.4M audio files)',
                 'personally_identifiable_information': ['Names',
                                                         'Phone numbers',
                                                         'Home addresses'],
                 'sensitivity_of_data': 'High (PII, home addresses, appliance '
                                        'details, repair schedules, ambient '
                                        'audio)',
                 'type_of_data_compromised': ['Chat logs',
                                              'Audio recordings',
                                              'Text transcripts']},
 'date_detected': '2025-02-early',
 'description': 'Security researcher Jeremiah Fowler uncovered a major data '
                'exposure involving Sears Home Services, the largest appliance '
                'repair provider in the U.S. Three unsecured databases '
                'containing 3.7 million chat logs, 1.4 million audio files, '
                'and text transcripts were left publicly accessible online. '
                'The exposed data included customer interactions with '
                "'Samantha,' Sears’ AI virtual assistant, revealing personal "
                'details such as names, phone numbers, home addresses, '
                'appliance information, and repair appointment schedules. '
                'Audio recordings captured ambient conversations beyond '
                'intended customer service calls, raising significant privacy '
                'risks.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '3.7 million chat logs, 1.4 million audio '
                                'files, text transcripts',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential',
            'systems_affected': "AI virtual assistant ('Samantha'), kAIros "
                                'technology'},
 'investigation_status': 'Partially resolved (databases secured, but exposure '
                         'duration unclear)',
 'lessons_learned': 'Vulnerabilities in AI-driven customer service systems can '
                    'lead to significant data exposure if security safeguards '
                    'are overlooked. Cost-saving measures must not compromise '
                    'data protection.',
 'post_incident_analysis': {'corrective_actions': 'Databases secured, but '
                                                  'further measures needed to '
                                                  'prevent recurrence',
                            'root_causes': 'Misconfigured database access '
                                           'controls, lack of security '
                                           'oversight for AI systems'},
 'recommendations': ['Implement strict access controls for databases',
                     'Regular security audits',
                     'Limit audio recording duration to intended interactions',
                     'Enhance monitoring for unauthorized access',
                     'Ensure compliance with data protection regulations'],
 'references': [{'source': 'Jeremiah Fowler (Security Researcher)'}],
 'regulatory_compliance': {'regulations_violated': ['Potential GDPR (if EU '
                                                    'customers affected)',
                                                    'Potential CCPA']},
 'response': {'containment_measures': 'Databases secured after notification'},
 'title': 'Sears Home Services AI Chatbot Exposed Millions of Customer '
          'Conversations',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Misconfigured Database Access Controls'}