Bed Bath & Beyond revealed last week in an SEC filing that it recently suffered a data breach after an employee fell victim to a phishing attack.
Only a few details have been shared by the retailer as the investigation is ongoing. The company explained that it became aware of unauthorized access to some data after an employee was targeted in a ‘phishing scam’ in October.
The hacker gained access to data on a hard drive and some shared drives the targeted employee had access to. At this point in the investigation, there is no evidence that the compromised drives stored sensitive or personally identifiable information.
“At this time the Company has no reason to believe that any such sensitive or personally identifiable information was accessed or that this event would be likely to have a material impact on the Company,” Bed Bath & Beyond said.
News of the hack came to light in an SEC filing where the company announced an offer to sell up to $150 million worth of stock.
This is not the first time Bed Bath & Beyond has disclosed a cybersecurity incident. In 2019, the retailer revealed that some customer accounts had been breached. At the time, it said hackers had obtained username and password combinations from a breach at a different company and relied on the fact that many people use the same credentials for multiple online accounts.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
