Phishing attack prompts breach at Bed, Bath & Beyond

Major U.S. home goods retailer Bed, Bath & Beyond has been impacted by a data breach stemming from a phishing attack against an employee, reports TechCrunch. Bed, Bath & Beyond discovered that its data was "improperly accessed" following a phishing attack targeted at an employee, from which the attacker gained hard drive and shared drive access, according to an 8-K filing submitted by the company to the U.S. Securities and Exchange Commission. No personally identifiable information or sensitive data is believed to have been compromised by the incident but Bed, Bath & Beyond has noted ongoing investigation on the data that may have been impacted by the attack. Meanwhile, no information regarding the amount or types of data accessed by the attacker was given by a spokesperson for Bed, Bath & Beyond Chief Legal Officer Arlene Hong. Aside from not disclosing any technical means to identify data exfiltration, the company has also refused to detail implemented cybersecurity measures.