US retail giant Bed, Bath & Beyond has suffered a flaw data breach (Opens in a new tab)the company confirmed in its 8-K filing with the US Securities and Exchange Commission (SEC), albeit with somewhat conflicting statements.
In its filing, the company said it had discovered a successful file phishing An attack on one of its employees. An unknown threat actor gained access to a file hard diskas well as some shared drives that the affected employee has access to.
But here’s where it conflicts: In the same paragraph, the company says it analyzes the stolen data to see if there was any sensitive or personal information in the stolen payment, and that it had “no reason to believe” that such data was accessed.
Details are scarce
In fact, although the investigation continues, Bed, Bath & Beyond says it has no reason to believe this event is “likely to have a material impact” on the company.
Other than this statement, the company did not provide any additional details. The media reached out to find out the amount and type of data stolen, to no avail. Furthermore, the company declined to comment on whether it had the technical means to even uncover evidence of the intrusion, Take Crunch mentioned.
This isn’t the first time the company has experienced a data breach. In fact, nearly three years ago (on October 29, 2019), the company also disclosed a data breach via an 8-K file with the SEC.
At the time, it said it discovered a third party obtaining email and password information from a source “outside the company’s systems,” which were later used to access less than 1% of the company’s online customer accounts. While they accessed sensitive information, the attackers did not obtain the customer’s payment card information, it was confirmed. As a result, Bed, Bath & Beyond did not expect the data breach to cause any significant damage.
Across: Take Crunch (Opens in a new tab)