On Monday, Walmart said someone outside the company created fake accounts on its site using the email addresses of the individuals in question. That prompted an auto-generated email from the company that contained the racial slur.
Walmart did not say how many people received the emails, but dozens of people tweeted they got them.
“We are very sorry that you received an offensive and unacceptable email,” Janey Whiteside, Walmart’s chief customer officer, said in an email to those who had received the message. “We are working to update the account sign-up process to ensure that something like this doesn’t happen again.”
Whiteside said that the fake accounts will be deleted.
“Again, we know the email sent was appalling and strongly believe those words should never be used,” she said. “We’re looking into all available means to hold those responsible accountable.”
It’s easy enough for bad actors to find people’s addresses online, something consumers should be aware of when they receive unexpected emails.
“The actors likely acquired email addresses from an easily and freely available ‘dump’ from a historical third-party compromise,” Vikram Thakur, technical director at Symantec, the security software firm owned by Broadcom, told CNN Business Monday.
CNN’s Clare Duffy contributed to this report.