US-based homeware retailer Bed Bath & Beyond has confirmed that an outside party has improperly accessed its data.

The third party reportedly accessed the hard drive and certain shared drives of one of its employees this month through a phishing scam.

Bed Bath & Beyond said it was reviewing the data that was accessed to see if the drives contained any sensitive or personally identifiable information.

The retailer said that it currently has no reason to believe that any sensitive or personally identifiable information was accessed.

It has also not ruled out the possibility of a material impact on the company.

Bed Bath & Beyond is an omnichannel retailer with a total of 955 stores, including 768 Bed Bath & Beyond stores as of 27 August.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The company also sells online at,,,, and

Last month, it reported net sales of $1.43bn for the second quarter (Q2) of fiscal 2022 (FY22), down by 28% from $1.98bn a year earlier.

The data breach at Bed Bath & Beyond comes after Australian supermarket chain Woolworths confirmed this month that millions of customers of its MyDeal subsidiary had been impacted by a major data breach.

Woolworths said that its customers’ data were exposed after a compromised user credential was used to gain unauthorised access to MyDeal’s Customer Relationship Management (CRM) system.

The breach is thought to have affected around 2.2 million customers.

In April this year, Funky Pigeon, the online greetings and gift card business of British retailer WHSmith, temporarily stopped taking orders after a cyberattack affected part of its systems.

Funky Pigeon took its systems offline as a precaution following the incident, which affected part of the company’s systems.

The company said that customer payment data with Funky Pigeon, including bank account and credit card details, were not compromised due to the incident.