Only few details have been shared by the retailer as the investigation is ongoing. The company explained that it became aware of unauthorized access to some data after an employee was targeted in a ‘phishing scam’ in October.
The hacker gained access to data on a hard drive and some shared drives the targeted employee had access to. At this point in the investigation, there is no evidence that the compromised drives stored sensitive or personally identifiable information.