Home goods retailer Bed Bath & Beyond yesterday disclosed in a Securities & Exchange Commission 8-K filing that an unauthorized third party illegally accessed one percent of its online customers’ accounts.
The online intruder acquired the account emails and passwords from a “source outside the company’s systems,” the Union Township, N.J. retailer reported. Based on this account, the incident may have therefore been a case of credentials stuffing, or a third-party data breach or phishing attack.
Payment card information was reportedly not affected.
Bed Bath & Beyond said that in response to the unauthorized access, it hired a forensics firms to investigate, “implemented remedial measures” and “sent notifications to certain customers as required by applicable legal requirements.”
“Due to the limited nature of the security incident and the company’s cyber incident insurance coverage, the company does not expect this security incident to have a material adverse effect on its results of operations, cash flows or financial condition for any fiscal period,” the retailer stated in the filing.
Colin Bastable, CEO of security training and awareness ..
Support the originator by clicking the read the rest link below.
