Some POS systems in US Forever 21 stores had encryption turned off, leading to malware infection and data leaks.
Building a slide deck, pitch, or presentation? Here are the big takeaways:
- Customers at several US Forever 21 stores may have had their payment information stolen between April and November 2017, due to malware installed on certain POS devices.
- Credit and debit cards used to make purchases on Forever21.com were not affected.
Customers of clothing store Forever 21 received an unfortunate surprise just before New Year's: Their payment information may have been stolen due to a data breach, the company detailed in a statement.
The clothing store is far from the only company to experience a security breach in the last year: Verizon, Uber, and of course, Equifax also experienced major incidents that put customer information at risk, highlighting the need for more concentrated security efforts to keep business running.
In October 2017, a third party informed Forever 21 of a potential breach to their system, with unauthorized users possibly accessing customer payment information. The company first informed customers of the incident in November 2017, as noted by our sister site ZDNet, though few details were available.
The company launched an investigation and found that, while it has used encryption in its point of sale (POS) systems since 2015, machines in some stores had the protection turned off. Further, signs of unauthorized access and malware that searches for payment information were found on some POS devices that were no longer encrypted.
"The malware searched only for track data read from a payment card as it was being routed through the POS device," according to the statement. "In most instances, the malware only found track data that did not have cardholder name - only card number, expiration date, and internal verification code - but occasionally the cardholder name was found."
Forever 21 determined that encryption was turned off and malware was downloaded on some POS devices in US stores intermittently between April and November 2017. In certain stores, this occurred for only a few days or weeks, but it lasted for months in others, the statement said. In most cases, only one or a few of a store's multiple POS devices were impacted.
Malware was also found in some of the logs kept by each store that record card transactions when their encryption was turned off, potentially putting more card information at risk.
Forever 21 is now working with its payment processor, POS device supplier, and third party experts to strengthen its payment security posture, the statement said. Law enforcement is also investigating the incident.
Credit and debit cards used to make purchases on Forever21.com were not affected, according to the statement. Investigations are ongoing as to whether or not POS machines in stores outside of the US were also affected.
Forever 21 advised customers to review bank statements for any unauthorized activity, and to report such charges to the card issuer.