The year of 2017 will definitely be remembered as the year that witnessed multiple data breaches. Adding to the already long list, FOREVER 21 customers’ credit card numbers were recently leaked.
The clothing retailer revealed earlier this week that hackers may have been able to gather payment card data of customers at certain stores during a large portion of the year. Point of sale devices were also compromised at unnamed locations from March to October.
The company said in a statement that it has hired a “leading security and forensics firm” to investigate and that it “expects to provide an additional notice as it gets further clarity on the specific stores and timeframes that may have been involved.”
FOREVER 21 is far from being the only business hit by a point of sale attack in which hackers plant a skimmer on a card reader and swipe customer data when they swipe credit cards. Target, T.J. Maxx, P.F. Chang’s and Michaels are a few of the other chains hit by breaches over the years.
The company released a notice about this incident on their website. Here is the full text of the notice:
FOREVER 21 is notifying our customers that we recently received a report from a third party that suggested there may have been unauthorized access to data from payment cards that were used at certain FOREVER 21 stores. We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us.
Because of the encryption and tokenization solutions that FOREVER 21 implemented in 2015, it appears that only certain point of sale devices in some FOREVER 21 stores were affected when the encryption on those devices was not in operation. Our investigation is focused on card transactions in FOREVER 21 stores from March 2017 – October 2017.
Because our investigation is continuing, complete findings are not available, and it is too early to provide further details on the investigation. We expect to provide an additional notice as we get further clarity on the specific stores and timeframes that may have been involved.
It is always advisable for customers to closely monitor their payment card statements. If customers see an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.
We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter.