Data Breach at Forever 21 Affects Customer Credit Card Information
In November 2017, Forever 21, the prominent retail clothing chain, reported a significant data breach. The company has now confirmed that the breach compromised customer credit card information at multiple store locations in the United States over several months of that year. It has acknowledged that hackers exploited vulnerabilities in its point-of-sale (POS) systems and installed malware designed to capture sensitive payment information.
While Forever 21 has not disclosed the exact number of affected customers, the company confirmed that malware was active on its POS systems at various times between April 3, 2017, and November 18, 2017. The ongoing investigation suggests that the malware was engineered to find and extract critical customer data, including credit card numbers, expiration dates, verification codes, and, in certain cases, cardholder names.
Although Forever 21 has used encryption technology to protect payment processing since 2015, the investigation revealed that some POS terminals at select locations had their encryption disabled. This lapse allowed malware to be installed, facilitating data theft. It is important to note that not every terminal was compromised, nor was every store impacted throughout the entire breach duration.
In certain instances, payment card data stored in system logs prior to April 3, 2017, was also vulnerable. The company clarified, “Each Forever 21 store has multiple POS devices, and only one or a few of them were typically involved. Additionally, we maintain logs of completed payment transactions.” The company further explained that when encryption was turned off, these logs could store sensitive data, potentially allowing the malware to access card data that had been logged before April.
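The failure mode described above, cleartext card data left in transaction logs on terminals where encryption was off, can be audited for by scanning logs for Luhn-valid card numbers and Track 2 data. The following is an added example, not code from Forever 21 or the original article; the log format, terminal names, and the `scan` helper are assumptions, and the card numbers are standard test values.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical POS transaction-log format.
SAMPLE_LOG = """\
2017-05-02T10:14:07 terminal=POS-03 txn=1001 status=APPROVED pan=4111111111111111 exp=0519
2017-05-02T10:15:22 terminal=POS-01 txn=1002 status=APPROVED pan_enc=9f3a7c21d0e4b8a6
2017-05-02T10:16:40 terminal=POS-03 txn=1003 status=APPROVED track2=;5555555555554444=190520100000?
2017-05-02T10:17:05 terminal=POS-02 txn=1004 status=APPROVED ref=1234567890123456
"""

PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")    # candidate card numbers
TRACK2_RE = re.compile(r";(\d{13,19})=\d{7,}\?")  # magnetic-stripe Track 2 layout
TERMINAL_RE = re.compile(r"terminal=(\S+)")

def luhn_ok(number: str) -> bool:
    """Luhn checksum; filters out order ids and other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first 6 and last 4 digits so the report never repeats the full number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan(log_text: str) -> dict:
    """Return {terminal: [(line_no, kind, masked_pan), ...]} for cleartext card data."""
    findings = defaultdict(list)
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = TERMINAL_RE.search(line)
        terminal = m.group(1) if m else "unknown"
        track_pans = {t.group(1) for t in TRACK2_RE.finditer(line)}
        for hit in PAN_RE.finditer(line):
            pan = hit.group()
            if luhn_ok(pan):
                kind = "track2" if pan in track_pans else "pan"
                findings[terminal].append((lineno, kind, mask(pan)))
    return dict(findings)

if __name__ == "__main__":
    for terminal, hits in scan(SAMPLE_LOG).items():
        print(terminal, hits)
```

Terminals that appear in the result are the ones writing unencrypted card data to logs; grouping by terminal matches the per-device pattern the company describes.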
Forever 21 has reassured its online customers that transactions conducted through its website remain secure and were not affected by this breach. The retailer is continuing its investigation to determine if non-U.S. stores experienced any similar issues.
In light of this breach, Forever 21 urges customers to remain vigilant. The company advises monitoring credit transactions for unusual activity and informing card-issuing banks if anything suspicious is detected. The company has committed to enhancing its security measures in collaboration with cybersecurity experts.
This incident marks yet another in a series of high-profile data breaches, including recent revelations involving Disqus, Yahoo, and Equifax, which have raised significant concerns about data security across various industries. Viewed through the MITRE ATT&CK framework, the incident suggests that initial access and lateral movement were key tactics employed in this attack, further emphasizing the necessity for robust defenses against evolving cyber threats. Business owners should take this incident as a critical reminder of the importance of maintaining secure payment systems and of the risks posed by malware targeting customer data.