[BreachExchange] Credit Card Breach Reported At Some Forever 21 Stores

Audrey McNeil audrey at riskbasedsecurity.com
Wed Nov 15 20:05:50 EST 2017


http://losangeles.cbslocal.com/2017/11/14/forever-21-data-breach/

 An investigation was underway Tuesday into a reported data breach
involving payment cards used at some Forever 21 stores, company officials
announced.

A spokesperson for the Los Angeles-based retailer said a report from a
“third party” sparked the investigation of its payment card systems
involving card transactions in Forever 21 stores from March through October
of this year.

“Because of the encryption and tokenization solutions that Forever 21
implemented in 2015, it appears that only certain point-of-sale devices in
some Forever 21 stores were affected when the encryption on those devices
was not operating,” the statement says.

That’s little comfort for many consumers, though.

“This really hurts credibility,” cybersecurity expert Phil Lieberman told
CBS2 News. “People put their cards down, and they want to know they are not
going to have to change their cards out.”

A silver lining for shoppers who use cards with chips is that it makes it
more difficult for criminals to obtain information, as opposed to cards
that are swiped.

Any customers who notice an unauthorized charge should immediately notify
the bank that issued the card, company officials said. Payment card network
rules generally state that cardholders are not responsible for such charges.

“Because the investigation is continuing, complete findings are not
available, and it is too early to provide further details on the
investigation,” the statement says. “Forever 21 expects to provide an
additional notice as it gets further clarity on the specific stores and
timeframes that may have been involved.”

Customers can get more information by visiting the Forever 21 website.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171115/fce13cc8/attachment.html>


More information about the BreachExchange mailing list