Forever 21 (private) has put out a warning that its POS systems were hacked and a large amount of credit card information may have been stolen from customers.
The retail chain hasn’t confirmed how much information has been accessed by hackers or how many customers were affected, but it has reported that this year, between April 3 and November 18, a large number of POS terminals were hacked. The breach occurred only in stores in the US and not every store across the country was infected, nor was every POS system at a breached store location hacked. For the most part, cardholder names were not obtained, although Forever 21 admits that some were; what it does confirm was that card numbers, expiration dates, and verification codes were taken.
How did this happen? Something went wrong with the encryption process that normally protects credit card information from such attacks on the affected POS terminals, allowing them to be vulnerable to malware attacks. Some systems may not have been infected for the entire time period given by the clothing company, but there may also be certain instances where credit card data was exposed despite being logged prior to April 3.
Forever 21 has confirmed that the breach occurred in the US and the company is currently undergoing investigations into whether or not any further breaches occurred outside of the US as well. Systems outside of the US use a different payment processing system than those in the US, so the company is hopeful that the breach did not leak out of America. Forever 21 has confirmed that the breach did not affect any purchases made through its website.
The company said, “in addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures. We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.”
Featured Image: depositphotos/wolterke