Mattress, Bathtub & Past confirms information breach following worker phishing assault • TechCrunch
[ad_1]
U.S. retail large Mattress, Bathtub & Past has confirmed unauthorized accessed to firm information after an worker was phished.
In an 8-Ok submitting to the U.S. Securities and Trade Fee, the house items retailer stated it grew to become conscious that an attacker had “improperly accessed” firm information after a profitable phishing rip-off focusing on an worker in October. This gave the hacker entry to information on the worker’s laborious drive and different shared drives to which the worker had entry.
The corporate stated within the submitting that it has “no motive to consider” that delicate or personally identifiable data was accessed or that this cybersecurity incident would have a fabric impression on the corporate, however didn’t present proof for this declare, and admitted that its investigation was ongoing.
When reached by TechCrunch, Mattress, Bathtub & Past chief authorized officer Arlene Hong, by way of a spokesperson who wouldn’t present their identify, declined to say how a lot information was stolen or what forms of information the attacker was in a position to entry. It additionally stays unclear whether or not the corporate has the technical means, corresponding to logs, to detect proof of exfiltration.
Mattress, Bathtub & Past additionally declined to offer any additional details about the phishing incident or the cybersecurity protections it has in place to guard towards such incidents.
This isn’t the primary time the U.S. retail large skilled an information breach. Mattress, Bathtub & Past stated in October 2019 that lower than 1% of on-line buyer accounts have been compromised and no clients’ cost playing cards have been impacted.
Source link