Oct 31 — Not the decorative throw pillows, corner ladder bookcases and single-serve coffee makers! In the U.S., retail giant Bed, Bath & Beyond confirmed that a data breach occurred following a phishing attack. The home goods retailer stated that it became aware of the attack after observing that company data was “improperly accessed.”
BBB data breach
Bed, Bath and Beyond has “no reason to believe” that sensitive or personally identifiable information was observed, exfiltrated or otherwise misused by the hacker. At present, the cyber security incident is not expected to have a material impact on the company, according to representatives.
However, the company did not provide evidence around the aforementioned claim, and in an 8-K filing with the U.S. Securities and Exchange Commission, noted that the investigation remains ongoing. Shares of the company were down by roughly 5% in pre-market trading after the company filed to offer $150 million of common stock.
Phishing attack
The phishing episode enabled the hacker to gain access to the employee’s hard drive and other shared drives.
Legal response
Bed, Bath and Beyond’s chief legal officer, Arlene Hong, communicated via spokesperson that the company declines to say how much data was stolen or what types of data the hacker gained access to. Uncertainty also continues to shroud whether the company has the technical means to detect evidence of data exfiltration.
No information is available regarding the phishing prevention protocols that the company had in-place. Or conversely, those that it may have lacked.
More information
Bed, Bath and Beyond’s first data breach occurred in October of 2019, during which less than 1% of online customer accounts were compromised. At that time, customers’ payment cards were not affected.
For more information on this story, visit CNBC. Phishing attacks can affect any organization. Read CyberTalk.org’s phishing prevention eBook. Lastly, discover new trends, expert interviews, and so much more – subscribe to the CyberTalk.org newsletter.