Forever 21 confirms breach exposed customer credit card info

Published:
Updated:

A breach at Forever 21 left customer payment card information exposed to hackers, the retailer confirmed in a press release. The company didn't specify how many customers had information stolen, but said various point of sales terminals were affected between April 3 and November 18, 2017. Hackers collected credit card numbers, expiration dates, verification codes and sometimes cardholder names.

"We regret this incident occurred and any concern this may have caused you," the company said Thursday.

In its notification to customers, Forever 21 said hackers installed malicious software on some point of sales terminals in stores throughout the country. It's an update to a Nov. 14 announcement saying the company may have been targeted by hackers. The breach is another example of how cybercriminals are targeting major retailers by hacking the systems that process your credit and debit cards, despite companies' efforts to make that harder to do. Fast food chain Chipotle was hit by a similar hack in 2017, as was video game retailer GameStop.

Companies have technologies in place to foil hackers, but they don't always work. Forever 21 said its point of sales terminals, which cashiers use to swipe customers' cards, are supposed to be encrypted. That means anyone intercepting the information would be unable to read it. But sometimes, that encryption was turned off, Forever 21 said in its notification.

The result: hackers who'd infected the machines with their tools could collect credit card numbers, expiration dates and internal verification codes. At times, they could also collect the customer's name, Forever 21 said in its notification.

There's an ongoing law enforcement investigation into the hack, the company said in its update.

Filed under: