Bed Bath & Beyond Discloses Data Breach
Bed Bath & Beyond announced yesterday that it has been affected by a data breach, reports Fox Business. The home goods retailer disclosed in a SEC filing that email addresses and passwords from roughly 1 percent of its online customers’ accounts were accessed by an outside, unauthorized source. Payment card information was reportedly not affected, and the date of the breach wasn't disclosed. Bed Bath & Beyond notified affected customers via email and announced it hired a security forensics firm to investigate the breach.
Total Retail's Take: Data privacy is a big issue for consumers, and unfortunately retailers are a prime target for hackers. Bed Bath & Beyond's data breach is a reminder to other retailers to take security seriously and evaluate possible weak points in e-commerce systems where hackers could gain access to private customer information. Each new data data breach draws negative consumer attention to the affected brand, sometimes burning retailers badly when shoppers lose trust and abandon the brand altogether.
Colin Bastable, CEO of security training and awareness company Lucy Security, comments that for online data breaches "the most likely point of entry is through a third-party supplier of services to the company, and the odds are over 90 percent in favor of the attack being initiated by a phishing email, perhaps a spoof email, one that appears to be from someone else." Therefore, retailers need to remind their employees to be vigilant in spotting scam emails and cautious when using work email addresses on third-party websites.