FOREVER 21 customers may have lost money through card payment security breach

Forever 21 credit card hack scares up security storm

Fashion brand Forever 21 is the latest retailer to suffer a credit card payment security breach.

The family-owned Californian brand admitted in November 2017 that it was hacked and thousands of credit card numbers may have been exposed.

Poorly-encrypted card machines at the till appear to be the source of the hack.

In a statement posted on their website, Forever 21 said they were alerted to the breach after getting “a report from a third party that suggested their may have been unauthorized access to data from payment cards”.

The company warned anyone who had shopped in their stores between March and October 2017 to check their bank accounts for suspect payments.

It’s understood that hackers may have been able to gain access to credit card numbers because not all payments made at the till had been properly encrypted.

Because of the encryption and tokenization solutions that FOREVER 21 implemented in 2015, it appears that only certain point of sale devices in some FOREVER 21 stores were affected when the encryption on those devices was not in operation.

We immediately began an investigation of our payment card systems and engaged a leading security and forensics firm to assist us.

Protecting our customers’ payment card data is a top priority, and we are continuing to take steps to address this incident.

- Spokesperson: Forever 21

The average cost of each shop under investigation is £130, the company reported.

Forever 21 has over 800 clothing stores in 57 countries worldwide.

It closed UK outlets in Manchester and Glasgow this year, retaining only three flagship shops in Birmingham’s Bullring Centre, in Liverpool, and on Oxford Street in London.

As a rule, credit card companies tend not to penalise their cardholders if they are the victims of fraud.

But Forever 21 did not release a list of the cards affected, nor could it say which stores were under investigation.

While the security incident raises serious concerns, both about the viability of Forever 21 and the security of other card payment machines in other big retailers, there could be more revelations coming.

MAIN IMAGE: Forever 21, Birmingham/Wildbytes


Tom is a tech journalist and Editor at
Back To Top