Bed, Bath, and Beyond Struck by a Phishing Attack

Phishing hackers have struck again; this time, US retail brand Bed, Bath & Beyond has fallen prey to the attack.

Only a few details are available to the broader public; however, there is much more than meets the eye.

What Happened During the Phishing Attack?

As per reports, during the phishing attack, a third party inappropriately gained access to the company’s internal hard drive and shared drives through one of its employees.

Additionally, the company has shared a few other details, including the total number of impacted people, the extent of the hack, and the nature of the leaked information.

Despite repeated attempts to protect its data, the company has fallen prey to the attack. In its investigation, the company is trying to confirm whether the compromised data includes any personally identifiable information. It is also working to identify any direct impact on its customers’ information.

Bed, Bath & Beyond’s spokesperson did not provide any further information about the ongoing investigation or say whether the company has any logs that show evidence of exfiltration. Get more details on Cybersecurity and Phishing Statistics for 2022 that are extremely important to know in the world of cybersecurity.

Repercussions of the Phishing Attack

There have been a few notable changes in the company following the breach. The customer and technology chief, Rafeh Masood, has decided to step down after the breach. Rafeh will officially step down from his position effective December 2, 2022.

Bed, Bath & Beyond’s name and finances have been tumultuous after the breach. As a result, the retail brand’s products are tumbling, leading to a reshuffle in the internal hierarchy.

The company’s shares have gone down by 5% in premarket trading after filing $150 million of common stock.

Some Similar Data Breaches in 2022

The news of the breach came after Australian supermarket chain Woolworths confirmed a data breach. MyDeal, one of Woolworths’s subsidiaries, was heavily compromised via its Customer Relationship Management (CRM) software.

More than 2.2 million customers were directly impacted by the breach.

This breach was similar in terms of the modus operandi. The hacker used a compromised user’s credentials to gain unlawful access to MyDeal’s CRM.

Along the same lines, there was yet another data breach. Funky Pigeon, an online British greeting and gift card business, stopped its business operations after suffering a cyberattack.

Thankfully, the company reported that none of its customers’ financial details was affected during the breach. 

Phishing History Repeats Itself with Bed, Bath & Beyond

Bed Bath & Beyond Inc (BBBY.O) has been in the news repeatedly for its cybersecurity breaches.

In 2019, a third party accessed a few of its online customer accounts. During the breach, a third-party agent wrongfully gained access to the emails and passwords of its online customers.

As per the company’s investigation, the hacker obtained the compromised usernames and passwords from a different source/website external to the retail outlet’s online website. 

The company’s speculations about the breach continue unabated. According to the company, these hacked account details are being used on the US brand’s website to compromise its customers’ accounts.


Bed, Bath & Beyond’s name has become synonymous with data breaches. However, no concrete data is available about the newest data security breach to come to a solid conclusion.

Only time shall tell the breach’s extent and how it impacts the retail outlets’ online presence. Some details are already evident with the brand’s SEC filings and reduced share prices. Read more about types of phishing attacks and secure your mobile app from attacks. 


Published on Nov 3, 2022
Written by Shivani Dhiman
Content Marketing Manager at Appknox

