Forever 21 customers’ data was gathered for 8 months

We have already reported the security breach in the Forever 21 customers’ database. The famous clothing company has officially confirmed the unauthorized access and explained that it occurred due to the weak encryption of information. However, it has come to light that the hackers were able to infect PoS terminals with a malicious program, focused on stealing payment card info.

Customers of over 800 stores might have been put in danger

The malicious software is calculated to have been installed sometime around April and remained undetected until November. Forever 21 states that a lot of its stores were exposed to the malicious attack, but the time period of being compromised is different. Some shops were only jeopardized for a short period of time, but some were put in danger for approximately whole 8 months.

Forever 21 company goes into detail by explaining how their stores uses several PoS terminals. Sadly, not all of their shops used the appropriate encryption. Therefore, crooks managed to detect this security gap and used to their advantage by installing malicious software. Therefore, while customers bought clothes and other fashionable items from the shops, they had no idea that their payment card details were put in jeopardy.

The installed malicious software was mainly designated to collect information from clients’ payment cards. In majority of cases, hackers obtained such details like expiration dates, internal verification codes and card numbers. In a fewer instances, crooks were lucky enough to link this data to a specific customer by obtaining names.

Forever 21 company operates over 800 stores. Therefore, it is difficult to estimate the actual number of compromised shoppers, but the number is predicted to be huge. After all, their stores are popular all over the world. However, Forever 21 explains that it might be that only stores from United States might have been affected by the malicious software hackers had installed. Shops in other countries appear to be using different techniques for data-management.

Forever 21 opts for a safer tomorrow

After this unfortunate security announcement, Forever 21 decided to pay more attention to the way the payment card information is encrypted. Because of this, security specialists have been hired to solve this issue and make sure that such incidents would not be repeated.

It is unfortunate that such popular companies are still remaining ignorant to the cyber security issues. If Forever 21 had been more cautious, this incident might have been avoided. After all, all they needed to do was to use stronger encryption and protection measures. Our security team urges companies to reassure their customers’ privacy with a great attention to detail. Hackers have sophisticated skills and they are always looking for vulnerabilities to exploit.

Source: theregister.co.uk.