According to a report from CNET, Forever 21, the widely popular retail store, experienced a breach in their payment system. The retail store revealed and confirmed this week that been April 3rd and November 18th of this year, a number of point of sale terminals at its stores across the US were breached and compromised. While Forever 21 hasn’t given us specific numbers as to how many customers were affected, they did say that in most cases, card numbers, expiration dates and verification codes were taken by hackers, but not cardholder names.
As you’d expect, encryption is usually used by the store to protect its payment processing systems, but it appear that in some stores, the encryption was sometimes turned off, which opened the way for malware to affect Forever 21’s point of sale terminals. It’s worth mentioning that not every terminal in every store was affected with the malware and now every store was impacted during the period of the breach. It appears that in some cases, credit card data stored in certain system lots prior to the April 3rd date were also exposed.
Forever 21 has said that payment systems outside the US work differently but it’s also investigating whether non-US stores were also compromised. If you made purchases through its website, you weren’t affected but this breach.
In a statement, Forever 21 said, “In addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures. We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.”