Bed, Bath and Beyond has suffered a data breach that allegedly impacted less than 1% of the company’s customer accounts. The firm said in an SEC filing that it “discovered that a third party acquired email and password information from a source outside of the company’s systems which was used to access … customers’ online accounts.” Affected customers have been notified of the incident.
The company said that the breach did not impact payment card data, but did not specify what information has been compromised and generally declined to provide further details about the breach. Some analysts suggested that the breach may have resulted from a supply-chain attack, meaning that Bed, Bath and Beyond was breached after the attackers compromised a third-party vendor or service provider.
Read more: Murky Details Surround Bed, Bath and Beyond Breach