Forever 21 Data Breach: Hackers Accessed Info of 500,000
Forever 21, a renowned clothing and accessories retailer, is notifying over half a million individuals whose personal information was exposed to network intruders.
The company operates 540 outlets worldwide and employs approximately 43,000 people.
Data Breach Notice
A data breach notice shared with the Office of the Maine Attorney General reveals that Forever 21 detected a cyberattack on several of its systems on March 20.
An investigation determined that hackers had intermittent access to Forever 21 systems between January and March of this year, using this access to steal data.
According to the notice, “The investigation revealed that an unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023, and March 21, 2023.”
Potentially Exposed Data
- Full name
- Social Security Number (SSN)
- Date of Birth
- Bank Account Number
- Forever 21 Health Plan information
We reached out to Forever 21 to determine if the security incident has affected both customers and employees. However, as of publication time, we have not received a response.
Forever 21 reports in the notice that they have taken measures to ensure the hackers have deleted the stolen data, hinting at communication with the attacker.
This kind of action is typically seen in ransomware attacks, where the victim negotiates with the hackers to pay a more reasonable ransom. However, it has not been confirmed whether Forever 21 was targeted by a ransomware attack.
The company also states that they have no evidence to suggest that the stolen data has been shared with other cybercriminals. They classify the risk for exposed individuals as “low.”
Furthermore, all recipients of the notice will receive instructions on how to enroll in a free 12-month fraud and identity theft protection service.
In November 2017, Forever 21 informed its customers of another data breach affecting its payments system. This incident resulted in the compromise of card data from transactions made between March and October 2017.