RFID (Radio Frequency IDentification) tags are small, wireless electronic devices that help to identify objects and people. Privacy protection and integrity assurance become rather crucial in the RFID systems, because these RFID tags may have a wide transmission range, making them subject to unauthorized scanning by malicious readers and various other attacks. Hence, Ha et al. proposed an RFID protocol and proved that their protocol can provide the forward privacy service. However, in this paper, it is shown that an attacker can track a target tag by observing unsuccessful previous session of the tag. That is, Ha et al.'s RFID protocol fails to provide the forward privacy protection as claimed.