"Bed Bath & Beyond Investigating Data Breach After Employee Falls for Phishing Attack"
Bed Bath & Beyond recently revealed in an SEC filing that it suffered a data breach after an employee fell victim to a phishing attack. The retailer has only shared a few details as the investigation is ongoing. The company stated that it became aware of unauthorized access to some data after an employee was targeted in a phishing scam in October. The company noted that the hacker gained access to data on a hard drive and some shared drives the targeted employee had access to. The company stated that at this point in the investigation, there is no evidence that the compromised drives stored sensitive or personally identifiable information. This is not the first time Bed Bath & Beyond has disclosed a cybersecurity incident. In 2019, the retailer revealed that some customer accounts had been breached. At the time, the company said hackers had obtained username and password combinations from a breach at a different company and relied on the fact that many people use the same credentials for multiple online accounts.