Bed Bath & Beyond is notifying customers who made purchases at one of their New York stores that their payment card data may have been compromised. The breach affects only those shopping at 1932 Broadway in New York City between March 7 and August 3, 2015. The breach involves one apparently rogue cashier, and not all customers who shopped during that time period are impacted.
The employee has since been removed from the store and law enforcement was notified.
Customers who used their cards at the store during that period are encouraged to notify their card’s issuing bank “so that they can either reissue your card or take other precautionary measures to protect your account.” The store reports that they have no way of knowing whether any of the payment cards have been misused or will be misused.
A copy of the notification template is available on the Vermont Attorney General’s web site.
While this incident appears to be isolated to one employee at one store, this is not the first rogue employee incident of this kind reported by the retailer. See this report from December 2013.