Bed Bath & Beyond, a large retailer, confirmed in an SEC filing last week that it suffered from a data breach after an employee fell for a phishing attack. The retailer has only revealed a few details as it works to investigate the full extent of the attack. Bed Bath & Beyond stated that it became aware of the unauthorized access to some data after an employee was targeted in the phishing scam at some point in October.
The attacker reportedly gained access to data stored on a hard drive and some shared drives that the employee had access to. The retailer stated that there is no evidence to believe that the drives accessed by the attacker contained sensitive or personally identifiable information belonging to customers.