It just takes one employee to fall for a phishing email to compromise a company. Although it doesn't appear that customer data was exposed, this was a time consuming and costly scam for Bodybuilding.com to incur. 

Last week, Bodybuilding.com disclosed a security breach that impacted its IT systems. Investigators traced the unauthorized activity to a phishing email its staff received in July 2018. 

Customer data might have been exposed, but forensics experts could not confirm that customer data was stolen from the site’s servers. “Hackers used the data they obtained from this phishing email to access the company's network in February 2019. 

Bodybuilding.com didn't say when it detected the intrusion, but it said it finished its investigation on April 12. It went public with the security breach a week later, on April 19.” 

The company was responsible to notify all their customers of the security incident and reset user passwords.