September 18, 2008

Forever 21 discloses breach ongoing for three years



Clothing retailer Forever 21 has disclosed that hackers gained access to credit card information of customers who shopped on nine dates between 2004 and 2007 and of customers who shopped at the merchant's Fresno, Calif. outlet between Nov. 26, 2003 and Oct. 24, 2005.

What type of personal information? Credit and debit card numbers, in some cases expiration dates and other card details.

How many victims? 98,930 accounts.

What happened? On Aug. 5, the U.S. Secret Service notified Forever 21 that it was one of 12 retailers whose systems were compromised by a gang of hackers recently indicted. The retailer then conducted a forensic exam to confirm the data heist.

What was the response? Forever 21 sent notification letters to affected customers and contacted the three major credit reporting bureaus.

Details: The shoppers affected made purchases on five dates in 2004 and four dates in August 2007. Forever 21 says it has been in compliance with the Payment Card Industry Data Security Standard since 2007. After the company was informed of this breach, it said it implemented additional security measures.

Source: PR NewswireMarketWatch, "Forever 21 Provides Notice to Customers Regarding Security Breach Incident," Sept. 12.

Previous Post
Next Post
Similar Articles

Sign up for our newsletters

POLL

More in The Data Breach Blog

Laptop stolen from S.C. medical center contains data on 7k veterans

Laptop stolen from S.C. medical center contains data ...

Last week, hospital officials began notifying patients of the February theft.

Medical records of 2k patients left unprotected on contractor's server

Medical records of 2k patients left unprotected on ...

The records were stored by storage provider working with Glens Falls Hospital in New York.

Doctor's stolen laptop found at pawn shop; data of 652 patients exposed

The psychologist was a private contractor for Washington's Department of Social and Health Services.