Forever 21 confirms data breach revealed customers’ card details

It seems Equifax is not the only company that witnessed a data breach exposing sensitive customer details in 2017. Data breach first witnessed in November 2017, the popular clothing retailer, Forever 21 has now confirmed that hackers had access to sensitive data which also includes credit card information of customers.

The company has not yet revealed the exact number of customers affected by the data breach, but it has confirmed that the malware payload did the dirty job in some point of sale (POS) systems of the Forever 21 stores across the U.S. between April 3, 2017, and November 18, 2017.

As per the investigation, which is still ongoing, Forever 21 found out that the malware was built in such a way that it turned off the inbuilt encryption mechanism and stole sensitive customer data, including credit card numbers, expiration dates and verification codes and, in some cases, names of cardholders.

Payment card data stored in certain system logs before April 3rd were also exposed in the breach, Forever 21 said while explaining the incident:

"Each Forever 21 store has multiple POS devices, and in most instances, only one or a few of the POS devices were involved. Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorizations.” 

After investigating the entire breach, the company has assured that the customers who used their cards for payment on the official website (forever21.com) were not affected by the breach.

The well-liked clothing retailer has also advised its customers who shopped at its stores to keep an eye on their credit card transaction for any suspicious activity.