IPower Credit Services – Get a New Credit File – $25,000 in Credit 30 Days

If you recently shopped at Forever 21, your credit card may have been stolen


Customers of clothing store Forever 21 received an unfortunate surprise just before New Years: Their payment information may have been stolen due to a data breach, the company detailed in a statement. eCustomers at several US Forever 21 stores may have had their payment information stolen between April and November 2017, due to malware installed on certain POS devices. Credit and debit cards used to make purchases on Forever21.com were not affected.

The clothing store is far from the only company to experience a data breach in the last year: Verizon, Uber, and of course, Equifax also experienced major incidents that put customer information at risk, highlighting the need for more concentrated security efforts to keep business running.

In October 2017, a third party informed Forever 21 of a potential breach to their system, with unauthorized users possibly accessing customer payment information. The company first informed customers of the incident in November 2017, as noted by our sister site ZDNet, though few details were available.

The company launched an investigation, and found that while they have used encryption in their point of sale (POS) systems since 2015, machines in some stores had the protection turned off. Further, signs of unauthorized access and malware that searches for payment information were found on some POS devices that were no longer encrypted.

Forever 21 determined that encryption was turned off and malware was downloaded on some POS devices in US stores intermittently between April and November 2017. In certain stores, this occurred for only a few days or weeks, but it lasted for months in others, the statement said. In most cases, only one or a few of a store’s multiple POS devices were impacted.

Malware was also found in some of the logs kept by each store that record card transactions when their encryption was turned off, potentially putting more card information at risk.

 Forever 21 is now working with its payment processor, POS device supplier, and third party experts to strengthen its payment security posture, the statement said. Law enforcement is also investigating the incident.

Credit and debit cards used to make purchases on Forever21.com were not affected, according to the statement. Investigations are ongoing as to whether or not POS machines in stores outside of the US were also affected.

Forever 21 advised customers to review bank statements for any unauthorized activity, and to report such charges to the card issuer.