Forever 21 Verifies Breach Lasted For Most Of 2017

A few months ago, the fashion retail chain Forever 21 announced that it may have suffered a possible payment card breach. The company has now revealed the findings of its own investigation — and the breach seems to be at least as bad as initial suspicions suggested.

Trong Nguyen /

A recent update from the company reveals details of the internal investigation, which “found that encryption was off and malware was installed on some (point-of-sale) devices in some U.S. stores at varying times during the period from April 3, 2017 to November 18, 2017. In some stores, this scenario occurred for only a few days or several weeks, and in some stores this scenario occurred for most or all of the timeframe.”

Forever 21’s investigation has determined that “the encryption technology on some point-of-sale (POS) devices at some stores was not always on.” There were also signs of unauthorized network access and installation of malware on some of the POS devices.

Stolen Card Information

The malware was designed to search for data from payment cards, including card number, expiration date, and verification code, and strangely, the cardholder’s name was also found “occasionally.” Which means that in some instances, everything required to easily make purchases online with someone else’s card was taken.

Although we now have a timeframe for the breach, there are still many unknowns. It’s unclear which stores and which POS terminals were exactly affected, and when. We also don’t know how many cardholder names were revealed.

Assume The Worst

Because of these unknowns, if you shopped at any Forever 21 U.S. retail location in that April-November timeframe, you must assume that your card information could have been stolen. The chain has noted that its website experienced no breaches during the time — it was solely an in-store breach.

Forever 21 is notifying payment card networks about the incident, and the company urges customers to stay vigilant and check card statements for unauthorized activity. If you have an idea of exactly what card you used while shopping at the store, it may help you narrow things down — you can contact your payment card company, and you might want to request a new card.

Phil Dzikiy

Phil Dzikiy

Phil Dzikiy is the former editor in chief of Security Baron. Before, he has worked as a freelance writer and editor at websites like and along with publications like the Lockport Union Sun & Journal and the Greater Niagara Newspapers. With digital and print experience under his belt, Phil has a passion for all things technology including home security, cyber security, and the smart home. His bachelor's degree in Journalism from the University of Maryland College Park initially landed Phil his first job at the Beaver County Times, which has lead to over 15 years of experience as a journalist.

Trending News

Follow Us