US-based homeware retailer Bed Bath & Beyond has confirmed that an outside party has improperly accessed its data.

The third party reportedly accessed the hard drive and certain shared drives of one of its employees this month through a phishing scam.

Bed Bath & Beyond said it was reviewing the data that was accessed to see if the drives contained any sensitive or personally identifiable information.

The retailer said that it currently has no reason to believe that any sensitive or personally identifiable information was accessed.

It has also not ruled out the possibility of a material impact on the company.

Bed Bath & Beyond is an omnichannel retailer with a total of 955 stores, including 768 Bed Bath & Beyond stores as of 27 August.

The company also sells online at,,,, and

Last month, it reported net sales of $1.43bn for the second quarter (Q2) of fiscal 2022 (FY22), down by 28% from $1.98bn a year earlier.

The data breach at Bed Bath & Beyond comes after Australian supermarket chain Woolworths confirmed this month that millions of customers of its MyDeal subsidiary had been impacted by a major data breach.

Woolworths said that its customers’ data were exposed after a compromised user credential was used to gain unauthorised access to MyDeal’s Customer Relationship Management (CRM) system.

The breach is thought to have affected around 2.2 million customers.

In April this year, Funky Pigeon, the online greetings and gift card business of British retailer WHSmith, temporarily stopped taking orders after a cyberattack affected part of its systems.

Funky Pigeon took its systems offline as a precaution following the incident, which affected part of the company’s systems.

The company said that customer payment data with Funky Pigeon, including bank account and credit card details, were not compromised due to the incident.