Criminals hacked point-of-sale terminals of Forever 21

by Lucia Danes

Hackers broke into Forever 21's servers and stole customers' data

The famous retailer Forever 21 confirms that its payment servers were hacked and that customers' credit card details might be at risk. In the official press release, the company claims that only specific devices in some of the Forever 21 shops were affected[1]. However, people who used its services from March 2017 to October 2017 should be concerned.

According to the analysts, the hackers managed to obtain credit card details such as numbers, confirmation codes, expiration dates, and in some cases the name of the cardholder[2]. This data breach could lead to significant financial losses for many Forever 21 customers.

However, Forever 21 says the following in their official report[3]:

We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter.

Malicious software was installed on sales terminals across the shops

Shortly after being notified about the potential hacker attack, Forever 21 hired leading payment technology and security firms to investigate. They found that the encryption technology the retailer used was not always working on certain point-of-sale (POS) devices[4]:

The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on. The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data.

Forever 21 shops have multiple POS devices, and some of them might be infected, including a log device that stores the data of completed payment card transaction authorizations[5]. If the malware was present on the device and the encryption was off, it could have recorded that data.

Forever 21 has taken the corresponding measures to deal with the attack: 

Forever 21 has been working with its payment processors, POS device provider, and third-party experts to address the operation of encryption on the POS devices in all Forever 21 stores.

Tips to protect your data

If you have any doubts about your security, experts recommend that you monitor the activity of your bank account carefully and identify any unauthorized transactions:

It is always advisable for customers to closely monitor their payment card statements. If customers see an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.

Note that those who have used the online Forever 21 shop should not be concerned. The malware has not affected the e-shop system.

About the author

Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has long experience working in the malware and technology fields.


References