First notified in November of a data breach incident, well-known clothing retailer Forever 21 has at This kind of point confirmed in which hackers stole credit card information coming from its stores throughout the country for several months during 2017.
Although the company did not yet specify the total number of its customers affected by the breach, the item did confirm in which malware was installed on some point of sale (POS) systems in stores across the U.S. at varying times between April 3, 2017, in addition to also also November 18, 2017.
According to the company’s investigation, which will be still ongoing, the malware was designed to search for in addition to also also likely steal sensitive customer credit card data, including credit card numbers, expiration dates, verification codes in addition to also also, in some cases, cardholder names.
Forever 21 has been using encryption technology since 2015 to protect its payment processing systems, yet during the investigation, the company found in which some POS terminals at certain stores had their encryption switched off, which allowed hackers to install the malware.
However, according to the company, not every POS terminal in affected stores was infected with the malware in addition to also also not every store was impacted during the full-time period (roughly 8 months) of the breach.
In fact, in some cases, payment card data stored in certain system logs before April 3rd were also exposed from the breach.
“Each Forever 21 store has multiple POS devices, in addition to also also in most instances, only one or a few of the POS devices were involved. Additionally, Forever 21 stores have a device in which keeps a log of completed payment card transaction authorizations,” the company said while explaining the incident.
“When encryption was off, payment card data was being stored in This kind of log. In a group of stores in which were involved in This kind of incident, malware was installed on the log devices in which was capable of finding payment card data coming from the logs, so if encryption was off on a POS device prior to April 3, 2017, in addition to also also in which data was still present from the log file at one of these stores, the malware could have found in which data.”
The company also assured its online customers in which payment cards used on its website (forever21.com) were not affected by the breach.
Since payment processing systems outside of the United States work differently, the item should not be impacted by the security breach, yet the retailer said the item’s still investigating whether non-US stores were affected or not.
Forever 21 advised customers who shopped at its stores to stay vigilant in addition to also also keep an eye on their credit transactions for any suspicious activity, in addition to also also immediately notify their banks in which issued the card if found any.
The company has promised to continue working with “security firms to enhance” their security measures.
This kind of breach will be yet another embarrassing incident disclosed recently, followed by Disqus’ disclosure of a 5-year-old breach of over 17.5 million Disqus users in addition to also also Yahoo’s revelation in which 2013 data breach affected all of its 3 Billion users.
The recent incidents also include Equifax’s revelation of a breach of potentially 145.5 million customers, U.S. Securities in addition to also also Exchange Commission (SEC) disclosure of a data breach in which profited hackers, in addition to also also Deloitte’s disclosure of a cyber attack in which led to the theft of its clients’ private emails in addition to also also documents.