September 18, 2008

Forever 21 discloses breach ongoing for three years



Clothing retailer Forever 21 has disclosed that hackers gained access to credit card information of customers who shopped on nine dates between 2004 and 2007 and of customers who shopped at the merchant's Fresno, Calif. outlet between Nov. 26, 2003 and Oct. 24, 2005.

What type of personal information? Credit and debit card numbers, in some cases expiration dates and other card details.

How many victims? 98,930 accounts.

What happened? On Aug. 5, the U.S. Secret Service notified Forever 21 that it was one of 12 retailers whose systems were compromised by a gang of hackers recently indicted. The retailer then conducted a forensic exam to confirm the data heist.

What was the response? Forever 21 sent notification letters to affected customers and contacted the three major credit reporting bureaus.

Details: The shoppers affected made purchases on five dates in 2004 and four dates in August 2007. Forever 21 says it has been in compliance with the Payment Card Industry Data Security Standard since 2007. After the company was informed of this breach, it said it implemented additional security measures.

Source: PR NewswireMarketWatch, "Forever 21 Provides Notice to Customers Regarding Security Breach Incident," Sept. 12.

Previous Post
Next Post
Similar Articles

Advertisement

How to Prevent Insider Threats!

POLL

More in The Data Breach Blog

Hackers raid Washington state court system to steal 160,000 SSNs, 1M driver's license numbers

Hackers raid Washington state court system to steal ...

After the public website of the Washington state Administrative Office of the Courts was compromised in February, an investigation revealed the severity of the breach in April.

Personal California birth records found in "unsecure" location

The California Department of Public Health announced that the data included names, addresses, Social Security numbers, and medical information.

Investment regulator loses portable device containing personal data

Although the specifics of the lost information is unknown, the Investment Industry Regulatory Organization of Canada has announced that 52,000 clients of 32 brokerage firms have been affected.