Forever 21’s Data Breach Goes Deeper Than Expected

January 4, 2018         By: Steven Anderson

The new year is about to get off to a terrible start, and I don’t mean the ridiculously cold temperatures that most of the United States east of the Rockies is getting socked with. Well, that too, but this is more for anyone who’s shopped at Forever 21 recently and paid by credit card. The data breach spotted back in November got a bit of an update, and the update is as bad as you might expect.

Forever 21 recently noted that an investigation found that credit card information had actually been stolen from the company during the data breach in question. This includes not only card numbers, but also expiration dates, internal verification codes, and even—for a certain number of cases described distressingly as only on “occasion”—cardholder names.

Perhaps even worse, the breach goes as far back as early April of last year, and though in some cases may only have lasted a few days, in others it may have gone on for “…most or all of the timeframe,” according to word from the company. There is some hope, however; the data breaches involved point of sale devices, and not all of these were involved.

To its credit, Forever 21 is actively working to improve its security measures, and is working with payment card networks accordingly, though advises shoppers to continue monitoring their credit reports for “suspicious activity.”

This doesn’t bode well for mobile payments users; mobile payments users have been sticklers about security ever since the concept rolled out; it was easily one of if not the biggest impediments about getting people into mobile payments to begin with. To hear of a data breach is one thing, but to hear of it to the extent that it happened at Forever 21 is even worse. Retailers need to get on the ball as much as the customers do, and perhaps more so.

The Forever 21 data breach demonstrates the importance of monitoring your own credit statements for anything suspicious. It’s not that you should have to, but it’s just a smart thing to do. Especially when breaches like this take place for several months running and no one’s quite sure just how it started.