Digital Forensics Dispatch

Bed, Bath, & Beyond Breach – Retailer Suffers Data Breach

November 1, 2022

Reuters recently reported that retailer, Bed, Bath & Beyond, suffered  unauthorized access to their systems. The company addressed the concerns October 28, 2022, stating that a third party had gained access to its data.

The breach occurred through a rather common method – three guesses as to what it was. If you guessed phishing, you’d be correct. Phishing is when an attacker sends a fraudulent message to their victim pretending to be a reputable person or company. The message usually contains a link or attachment that leads to the downloading of malware or the harvesting of user credentials (usernames & passwords).

The potential attacker had access to an employee’s hard drive as well as access to some shared drives. The company is performing a review of its systems and data to see if an attacker accessed any sensitive or personally identifiable information (PII).

In a time when data breaches seem to occur daily, it’s a wonder that more companies haven’t embraced better security practices and protocols. Phishing attacks are the most common way that attackers gain access to a system. With good training, an employee can learn to spot an email that is a phishing email. If all else fails, it never hurts to validate the request with the person who sent the email in person or by a phone number known by you to be good, especially if it appeared to come from someone within the organization.

Phishing is a major threat, and if you’re looking for some good tips on cybersecurity awareness, I recommend checking out the Sensei Cybersecurity Awareness Handbook here.

Email:    Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensic