>
US retail giant Bed, Bath & Beyond has faced a data breach (opens in new tab)has confirmed the company in an 8-K filing with the U.S. Securities and Exchange Commission (SEC), albeit with somewhat contradictory statements.
In the report, the company said it had discovered a successful phishing attack on one of its employees. The unknown threat actor managed to access a hard drive, as well as some shared drives, which the affected employee had access to.
But here’s where it gets conflicted: In the same paragraph, the company says it’s analyzing the stolen data to see if there was any sensitive or personally identifiable information in the stolen batch, and that it “has no reason to believe” that such data was being accessed. .
Details are scarce
While the investigation is still ongoing, Bed, Bath & Beyond says it has no reason to believe this event is “likely to have a material impact” on the company.
Other than this statement, the company has not provided any additional details. The media tried in vain to find out the amount and type of stolen data. In addition, the company declined to comment if it has the technical resources to even detect evidence of exfiltration, TechCrunch reported.
This is not the first time the company has faced a data breach. In fact, almost exactly three years ago (on October 29, 2019), the company also disclosed a data breach via an 8-K filing with the SEC.
At the time, it said it discovered a third party acquiring email and password information from a source “outside the company’s systems”, which was then used to access less than 1% of the company’s online customer accounts. Although they had access to sensitive information, the attackers did not receive payment card details from customers, it was confirmed. Bed, Bath & Beyond therefore did not expect that the data breach would lead to significant damage.
Through: TechCrunch (opens in new tab)