Bed, Bath and Beyond confirms another major data breach
American retail giant Bed, Bath & Beyond has suffered a data breach (opens in new tab), the company has confirmed in an 8-K filing to the U.S. Securities and Exchange Commission (SEC), albeit with somewhat conflicting statements.
In its filing, the company said that it discovered a successful phishing attack against one of its employees. The unknown threat actor managed to access a hard drive, as well as some shared drives, to which the affected employee had access.
But here is where it gets conflicting: In the same paragraph, the company says it’s analyzing the stolen data to see if there were any sensitive or personally identifiable information in the stolen batch, and that it has “no reason to believe” such data was accessed.
Details are scarce
In fact, even though the investigation is ongoing, Bed, Bath & Beyond says it has no reason to believe this event “would be likely to have a material impact” on the company.
Other than this statement, the company provided no additional details. The media reached out to find out the amount and type of stolen data, to no avail. Furthermore, the company declined to comment if it has the technical means to even detect evidence of exfiltration, TechCrunch reported.
This is not the first time the company has suffered a data breach. In fact, almost exactly three years ago (on October 29, 2019), the company also disclosed a data breach via an 8-K filing with the SEC.
Back then, it said it discovered a third party acquiring email and password information from a source “outside of the company’s systems”, which was subsequently used to access less than 1% of the company’s online customer accounts. While they did access sensitive information, the attackers did not get customer payment card information, it was confirmed. As a result, Bed, Bath & Beyond did not expect the data breach to result in any significant damages.
Via: TechCrunch (opens in new tab)
Audio player loading… American retail giant Bed, Bath & Beyond has suffered a data breach (opens in new tab), the company has confirmed in an 8-K filing to the U.S. Securities and Exchange Commission (SEC), albeit with somewhat conflicting statements. In its filing, the company said that it discovered a…
Recent Posts
- NYT Strands today — hints, answers and spangram for Thursday, May 16 (game #74)
- iOS 17.5 is reportedly resurfacing once deleted photos for some users
- Arizona accuses Amazon of being a monopoly and deceiving consumers with ‘dark patterns’
- Android 15’s second beta release lets users lock down access to private apps
- Apple’s next accessibility features let you control your iPhone and iPad with just your eyes
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011