The American home goods chain said the attacker gained access to an employee’s hard drive and certain shared hard drives. It is unclear how many customers were affected by the incident.
Investigation Is Ongoing
Bed Bath & Beyond said it is still assessing the compromised drives to determine if they contain any personally identifiable information. The company did not reveal the circumstances of the breach and exactly what data the threat actor accessed. However, it said there are no indications that the breach exposed any sensitive information. “At this time the Company has no reason to believe that any such sensitive or personally identifiable information was accessed or that this event would be likely to have a material impact on the Company,” Bed Bath & Beyond noted in its 8-K Form. The company filed the form with the SEC to announce its plan to put $150 million of its common stock up for sale. Bed Bath & Beyond also disclosed a breach in a filing with the SEC in 2019. The company said a malicious actor got their hands on a username and password from an outside source and accessed the accounts of some of its customers.
Phishing Attacks Against High-Profile Targets
Bed Bath & Beyond is the latest high-profile company to fall victim to phishing or social engineering scams. This year, threat actors have targeted several leading companies, including Okta, Samsung, and Nvidia. Cybercriminals are increasingly targeting the employees of top companies, lured by the possibility of selling stolen information on the dark web or holding it ransom for vast sums of money. In September, the U.S. Internal Revenue Service (IRS) warned of a significant rise in SMS phishing attacks this year. The IRS said cybercriminals use algorithmic tools to carry out large-scale phishing attacks. One of the best ways to protect yourself against phishing is to learn how these scams work. Check out our articles on phishing and social engineering for some insightful tips on how to safeguard yourself and your company from this threat.