After the American fashion outlet announced that it had experienced a data breach at some of its locations, the clothing company Forever 21 is advising consumers to keep a careful look on their credit card bills. The advice comes after Forever 21 warned that some of its stores had been affected.
Forever 21 disclosed, in a short statement that was published on the company’s website, that it had obtained information from a third party indicating that the company’s security may have been breached. There are around 500 physical sites of Forever 21, in addition to an online shop. After a large-scale theft of credit card details from its shop point-of-sale equipment in 2017, this is the second data breach that has occurred in recent years for the company.
After further examination, it was discovered that despite the fact that the firm had implemented encryption and enhanced security measures in 2015 in response to a string of attacks against other shops, “certain point of sale devices in some Forever 21 stores were affected” because encryption “was not in operation.”
According to the firm, it is currently in the process of collecting evidence, and it is too soon to release any other information at this time, including which specific locations may have been compromised and the time periods during which consumers may have been placed at danger.In 2008, the United States Department of Justice brought charges against a group of individuals who were responsible for stealing the credit card information of hundreds of millions of customers from large stores such as TJ Maxx, Barnes & Noble, Boston Market, and Forever 21.
Forever 21 alerted 539,207 persons, according to the notification, that the data breach included their name, date of birth, bank account number, and Social Security number, as well as information about workers’ Forever21 health plan, including enrollment and premiums paid.
Forever 21 did not provide any further details on the issue beyond the fact that one of its computer systems had been compromised, but the company did say that “Forever 21 has taken steps to help assure that the unauthorized third party no longer has access to the data.” It is not quite obvious how Forever 21 came to declare that they have assurance. Because of the notice’s unclear phrasing, it is possible to infer that the corporation paid the hacker in return for the data being deleted.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.