Forever 21 says malware present in some U.S. stores
MANILA, Philippines – Forever 21 said a data breach discovered in November 2017 led to the theft of customers' credit card information in the US.
According to a Forever 21 statement released on Tuesday, January 2, the company hired payment technology and security firms to assist in an investigation into a security breach of the company's point-of-sale (POS) devices and systems.
The malware often only found the card number, expiration date, and internal verification code – but occasionally the cardholder name was also found.
The investigation revealed "encryption was off and malware was installed on some devices in some US stores at varying times during the period from April 3, 2017 to November 18, 2017."
The company added that a device that logs completed payment card transaction authorizations also had malware installed in it in some of the stores involved. "If encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data."
Forever 21 says it is working with its payment processors, POS device provider, and third-party experts "to address the operation of encryption on the POS devices in all Forever 21 stores."
They are also investigating if stores outside the US were affected.
Payment cards used on Forever 21’s website, www.forever21.com, were not affected. – Rappler.com