Forever 21 investigating possible data breach

The retailer says that some customer credit cards may have been compromised.
Written by Charlie Osborne, Contributing Writer
(Image: Raysonho | Wikimedia Commons)

Forever 21 is investigating a potential data breach that may have compromised customer information and payment cards.

On Tuesday, the US clothing retailer said that the company recently received a tip from a third-party that there "may have been unauthorized access to data from payment cards" at a number of Forever 21 outlets.

Forever 21 said that following the alert, an investigation was immediately launched and an unnamed cyberforensics firm has also been pulled in to try and ascertain the extent of the breach, should this have occurred.

The Los Angeles, Calif.-based clothing store, which operates over 800 stores in 57 countries including the US, UK, Canada, and Australia, says it is "too early" to provide much information on the matter.

However, the company did reveal that as encryption and token-based authentication systems were implemented back in 2015, "only certain point of sale (PoS) devices in some Forever 21 stores were affected."

According to the firm, a potential compromise may have taken place when encryption "was not in operation" on certain PoS devices, which may suggest older systems or locations where the 2015 rollout did not occur may be at the heart of the security incident.

The investigation is focused on transactions made in store from March to October this year.

The company advises that customers keep an eye on their cards and make their banks aware of any unauthorized activity.

"We regret that this incident occurred and apologize for any inconvenience," Forever 21 said. "We will continue to work to address this matter."

Cybersecurity reads for every hacker's bookshelf

Related stories

Editorial standards