Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Bed, Bath, & Beyond Breach – Retailer Suffers Data Breach
November 1, 2022
Reuters recently reported that retailer, Bed, Bath & Beyond, suffered unauthorized access to their systems. The company addressed the concerns October 28, 2022, stating that a third party had gained access to its data.
The breach occurred through a rather common method – three guesses as to what it was. If you guessed phishing, you’d be correct. Phishing is when an attacker sends a fraudulent message to their victim pretending to be a reputable person or company. The message usually contains a link or attachment that leads to the downloading of malware or the harvesting of user credentials (usernames & passwords).
The potential attacker had access to an employee’s hard drive as well as access to some shared drives. The company is performing a review of its systems and data to see if an attacker accessed any sensitive or personally identifiable information (PII).
In a time when data breaches seem to occur daily, it’s a wonder that more companies haven’t embraced better security practices and protocols. Phishing attacks are the most common way that attackers gain access to a system. With good training, an employee can learn to spot an email that is a phishing email. If all else fails, it never hurts to validate the request with the person who sent the email in person or by a phone number known by you to be good, especially if it appeared to come from someone within the organization.
Phishing is a major threat, and if you’re looking for some good tips on cybersecurity awareness, I recommend checking out the Sensei Cybersecurity Awareness Handbook here.
Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology