American retail giant Bed, Bath & Beyond has suffered a data breach (opens in new tab)the company confirmed in an 8-K filing with the US Securities and Exchange Commission (SEC), albeit with somewhat conflicting statements.
In its filing, the company said it discovered a successful phishing attack on one of its employees. The unknown attacker managed to access a hard drive and some shared drives that the affected employee had access to.
But this is where it gets contradictory: In the same paragraph, the company says it analyzes the stolen data to determine whether the stolen batch contains sensitive or personally identifiable information and that it has “no reason to believe” it was such data is accessed.
Details are rare
Although the investigation is ongoing, Bed, Bath & Beyond states that there is no reason to believe this event is “likely to have a material impact” on the company.
Aside from this statement, the company did not provide any further details. The media tried in vain to find out the amount and nature of the stolen data. Additionally, the company declined to comment on whether it has the technical means to detect any evidence of exfiltration at all. TechCrunch reported.
> Top data breaches and cyberattacks of 2022
> Samsung confirms data breach, personal customer data stolen
> These are currently the best firewalls (opens in new tab)
This isn’t the first time the company has been hit by a data breach. In fact, the company also disclosed a data breach via an 8-K filing with the SEC pretty much exactly three years ago (on October 29, 2019).
At the time, it said it discovered a third party acquiring email and password information from a source “outside the company’s systems,” which was subsequently used to access less than 1% of the company’s online customer accounts. Although they accessed sensitive information, the attackers have not obtained any customer payment card information, it has been confirmed. As a result, Bed, Bath & Beyond did not anticipate that the data breach would result in significant harm.
- This is the best endpoint protection (opens in new tab) services around
Above: TechCrunch (opens in new tab)
This article was previously published on Source link