Forever 21 Confirms Payment System Breach; Explains How Hackers Stole Credit Card Information for Months

By Jessica Ferrera, Christian Post Contributor

International clothing brand Forever 21 closed the year with some bad news as it notified its customers about a security incident and revealed more details on how hackers were able to breach its supposedly encrypted payment system.

Back in November 2017, Forever 21 issued an official statement confirming that its payment system had been breached. In it, the company said it had started an investigation following a report that "there may have been unauthorized access to data from payment cards that were used at certain FOREVER 21 stores."

A few days before New Year, Forever 21 issued a follow-up notification to address the issue and to provide more details which it had gathered from the previous investigation.

Get Our Latest News for FREE

Subscribe to get daily/weekly email with the top stories (plus special offers!) from The Christian Post. Be the first to know.

Forever 21 reiterated that it had enlisted help from technology security firms to get to the bottom of the hack. The company learned that the encryption tool it had previously applied to its payment processing system since 2015 did not work properly, which then allowed hackers to gain access to the network.

"The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on. The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data," Forever 21 further explained.

The clothing company added: "The malware searched only for track data read from a payment card as it was being routed through the POS device."

Forever 21 also revealed that the malware allowed the hackers to get a hold of credit card numbers, its expiration dates and internal verification codes. However, the company maintained that none of the cardholder names were acquired by the attackers.

The said malware that caused the encryption system to malfunction was reportedly used at "varying times" from April 3, 2017 to Nov. 18, 2017.

The statement also explained that not all of the POS devices of the affected stores were hacked. "In most instances only one or a few of the POS devices were involved," Forever 21 said.

The Forever 21 hack was one of the major cyber attacks that happened in 2017. These attacks include the hacking of Equifax, the restaurant chain Chipotle, plus the worldwide spread of ransomwares that paralyzed the operations of some international firms.

Was this article helpful?

Help keep The Christian Post free for everyone.

By making a recurring donation or a one-time donation of any amount, you're helping to keep CP's articles free and accessible for everyone.

$25/month$50/quarter$100/yearOne-time

We’re sorry to hear that.

Hope you’ll give us another try and check out some other articles. Return to homepage.