
Retail Chain 'Forever 21' Admits to Payment System Data Breach

Posted: January 4, 2018

Cashless payments have grown steadily over the last few years, and the effort criminals put into breaching payment systems has grown with them. Forever 21, a low-cost fashion retailer, is among the latest companies to confirm unauthorized access to its in-store transaction data.

The breach, investigated for the period from early April to mid-November 2017, affected a limited number of Forever 21 stores, and within those stores only the point-of-sale (POS) terminals on which encryption was not active. That gap allowed malware designed to search for payment card data to be installed; it harvested the card number, expiration date and internal verification code, and, in an undisclosed number of cases, the cardholder name.

The Scope of the Breach

So far, Forever 21 has not disclosed a precise number of affected POS terminals, saying only that "only one or a few" POS devices were breached "in some stores" in the United States during the investigation period from April 3 to November 18, 2017. The malware was also found on some of the devices that keep a log of completed payment card transactions; whenever POS encryption is disabled, those logs can contain card data in cleartext. Since every Forever 21 store has such a log device, and the logs retain transactions that predate April 3, 2017, any terminal that had been operating without encryption before the seven-month investigation period would have left older card data in the log for the malware to collect as well. That is why the company has encouraged customers to review their card statements for unauthorized charges and to report them promptly. Online customers are not affected, as the breach did not extend to the retailer's website.
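The two preceding paragraphs describe the actual failure mode: with POS encryption switched off, card data passes through the terminal and into the transaction log in cleartext, where malware (or anyone reading the log) can pick it out. The scan below is an added example written for this page, not code from Forever 21 or its POS vendor. It runs a cleartext-card-data check over a constructed transaction log, of the kind a response team would run against a store's log device to establish the true exposure window: it finds Track 2 or bare PAN values that pass the Luhn check, masks them, records whether the line was written with encryption on or off, and reports the earliest timestamp affected. The log format and the `enc=ON`/`enc=OFF` field are assumptions for the example; the card numbers are standard test numbers, not real accounts.

```python
import re

# Constructed sample log (not real data). Lines written with encryption ON carry an
# opaque payload or a token; lines written with encryption OFF carry cleartext card data.
# Note the first line predates the investigation window that began 2017-04-03.
SAMPLE_LOG = """\
2017-03-28T17:40:11 store=0412 lane=1 enc=OFF track2=;4111111111111111=2212101? amount=42.17 result=APPROVED
2017-04-03T10:15:02 store=0412 lane=1 enc=ON payload=9F6A5C0B2E7D4A11FF03C8 amount=19.99 result=APPROVED
2017-04-05T11:01:19 store=0412 lane=2 enc=OFF pan=5555555555554444 name=JOHN DOE amount=88.00 result=APPROVED
2017-04-05T11:02:40 store=0412 lane=2 enc=ON token=tok_4f9c2a7e last4=4444 amount=12.50 result=APPROVED
2017-04-06T09:30:00 store=0412 lane=1 enc=OFF ref=4111111111111112 amount=5.00 result=DECLINED
"""

# 13-19 digit run not embedded in a longer digit run, optionally followed by the
# Track 2 separator '=' and YYMM expiry plus service code / discretionary data.
CARD_RE = re.compile(r"(?<!\d)(\d{13,19})(?:=(\d{2})(\d{2})\d*)?(?!\d)")
ENC_RE = re.compile(r"\benc=(\w+)")


def luhn_ok(pan: str) -> bool:
    """Return True if the digit string passes the Luhn check (filters out IDs/refs)."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the usual form for an incident report."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_cleartext_cards(log_text: str) -> list:
    """Scan each log line for Luhn-valid card numbers and return one finding per hit."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        timestamp = line.split(" ", 1)[0]
        enc = ENC_RE.search(line)
        for m in CARD_RE.finditer(line):
            pan, yy, mm = m.group(1), m.group(2), m.group(3)
            if not luhn_ok(pan):
                continue   # e.g. a reference number that merely looks like a PAN
            findings.append({
                "line": lineno,
                "ts": timestamp,
                "masked_pan": mask_pan(pan),
                "expiry": (yy + mm) if yy else None,   # YYMM from Track 2, if present
                "enc": enc.group(1) if enc else "UNKNOWN",
            })
    return findings


def earliest_exposure(findings: list) -> str:
    """Earliest timestamp with cleartext card data; ISO 8601 strings sort lexically."""
    return min(f["ts"] for f in findings) if findings else ""


if __name__ == "__main__":
    hits = find_cleartext_cards(SAMPLE_LOG)
    for h in hits:
        print(f"line {h['line']} {h['ts']} enc={h['enc']} pan={h['masked_pan']} exp={h['expiry']}")
    print("earliest cleartext transaction:", earliest_exposure(hits))
```

Run against a real log device the scan would be pointed at the full retained history, not only the period the investigation covered, which is exactly the point made above: the exposure starts at the first unencrypted transaction still in the log, not at the start of the investigation window. The 16-digit `ref=` value on the last line is caught by the regex but rejected by the Luhn check, which keeps such scans from drowning in false positives.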

Considering that Forever 21 deployed an encryption solution across its POS devices in 2015, it is unclear why encryption was switched off on some terminals two years later. That is a genuine cause for concern and does not reflect well on the level of security the retail chain provides for its customers. Worse, this is not the first data breach Forever 21 has suffered: approximately 100,000 customers reportedly had their card details compromised between 2004 and 2007, a fact that appears to have been buried long ago, as no mention of it remains on the official Forever 21 website.
