Bed Bath & Beyond found out in October that a phishing scam exposed its data to an unauthorized third party, the company said in an 8-K filing with the U.S. Securities and Exchange Commission (SEC) on Friday, October 28.
The American home goods chain said the attacker gained access to an employee’s hard drive and certain shared hard drives. It is unclear how many customers were affected by the incident.
Investigation Is Ongoing
Bed Bath & Beyond said it is still assessing the compromised drives to determine if they contain any personally identifiable information.
The company did not reveal the circumstances of the breach or exactly what data the threat actor accessed. However, it said there are no indications that the breach exposed any sensitive information.
“At this time the Company has no reason to believe that any such sensitive or personally identifiable information was accessed or that this event would be likely to have a material impact on the Company,” Bed Bath & Beyond noted in its 8-K Form.
The company filed the form with the SEC to announce its plan to put $150 million of its common stock up for sale.
Bed Bath & Beyond also disclosed a breach in a filing with the SEC in 2019. The company said a malicious actor got their hands on a username and password from an outside source and accessed the accounts of some of its customers.
Phishing Attacks Against High-Profile Targets
Bed Bath & Beyond is the latest high-profile company to fall victim to phishing or social engineering scams. This year, threat actors have targeted several leading companies, including Okta, Samsung, and Nvidia.
In September, an 18-year-old hacker gained access to Uber’s systems after a phishing attack on one of its employees exposed their login credentials. The hacker accessed several platforms the company uses to coordinate its operations, including its Amazon Web Services console, VMware vSphere, and Google Workspace accounts.
Cybercriminals are increasingly targeting the employees of top companies, lured by the possibility of selling stolen information on the dark web or holding it for ransom for vast sums of money.
In September, the U.S. Internal Revenue Service (IRS) warned of a significant rise in SMS phishing attacks this year. The IRS said cybercriminals use algorithmic tools to carry out large-scale phishing attacks.
One of the best ways to protect yourself against phishing is to learn how these scams work.
