Forever 21, a well-known retailer of clothes, revealed a significant data breach last week that affected about 540,000 customers.
The fast-fashion behemoth disclosed in a regulatory statement that hackers had access to its computers from January 5 to March 21 of this year.
On March 20, the company discovered the breach and launched an investigation, discovering that the hackers accessed names, Social Security numbers, dates of birth, bank account numbers (without an access code or pin), and information about employee health plans, including enrollment and premiums paid. According to a Forever 21 representative, the compromise only affected current and past employees.
The company did not respond to queries for comment on whether it was a ransomware attack or whether a ransom was paid, but the company stated in breach notification letters to victims that it had “taken steps to help assure that the unauthorized third party no longer has access to the data.”
Forever 21 Cyberattack Investigation
“We also informed law enforcement and continued to assist them with their investigation.” “An unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023,” the company wrote in a file with Maine’s data breach disclosure site.
“The investigation’s findings indicate that an unauthorized third party obtained select files from certain Forever 21 systems during this time period.” “We have no evidence that your information was misused for the purposes of fraud or identity theft as a result of this incident – and no reason to believe it will be,” Forever 21 added.
The 539,207 victims will receive a year of free identity protection services.
The California-based corporation declared bankruptcy in 2019 but continues to run hundreds of locations throughout the world, employing over 30,000 people. At its peak, the corporation reported $4.4 billion in revenue.
Attacks like the Forever 21 event continue to roil businesses of all sizes. According to Check Point researchers, the retail industry had the greatest increase in the number of cyberattacks in the first half of 2023.
They discovered that merchants received an average of 1,088 attempted attacks each week, and that the industry was the second most afflicted by ransomware.
According to Check Point’s Tony Sabaj, the consequences and harm of a breach are severe, but not severe enough to compel businesses to take more proactive measures.
Another fast-fashion behemoth, Shein, was fined $1.9 million by New York regulators last year for alleged data security and consumer protection violations related to a 2018 hack. In 2017, Forever 21 reported its own breach after discovering hackers obtained data from credit cards used at specific retailers.
“Retail especially is a target because they operate on low margins and do not fund cybersecurity as much as, say, a financial institution,” Sabaj explained. “They also have many points of entry and low-skilled workers.”