Forever 21 Breach: Hackers Accessed Credit Card Information Throughout Most Of 2017
Sealing a year plagued by cybersecurity incidents, Forever 21 confirmed Thursday that hackers stole credit card information from its stores throughout most of 2017.
The retailer initially reported the breach on Nov. 14. The company said at the time it had been notified by a third party group about the possibility of an attack in mid-October, which led the retailer to launch an investigation. The clothing company announced last month it suffered a security breach that gave hackers access to customers’ credit card information from multiple Forever 21 stores.
The company said on Thursday hackers were able to gather personal information, like card number, expiration date, internal verification code and sometimes the cardholder’s name. The retailer said its encryption technology, which has been used since 2015, on some point-of-sale (POS) devices at some stores was not always on. At the same time, malware was installed on some POS devices.
Forever 21’s notification to customers said:
“The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on. The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device. In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found.”
The company did not say how many customers were affected by the hack, but indicated that some point of sales devices were affected between April 3- Nov. 18. For some stores the scenario occurred for a few days or several weeks, while in other stores the incident happened for most or all of the time period.
The company further explained the incident:
“Each Forever 21 store has multiple POS devices, and in most instances only one or a few of the POS devices were involved. Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorizations. When encryption was off, payment card data was being stored in this log. In a group of stores that were involved in this incident, malware was installed on the log devices that was capable of finding payment card data from the logs, so if encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data.”
The retailer said payment cards used on its website, forever21.com, were not affected. The company advised customers who shopped at stores to stay vigilant and keep an eye on their credit credit transactions for any suspicious activity.
The company said an investigation on the incident by law enforcement officials is still undergoing.
© Copyright IBTimes 2024. All rights reserved.