State of New Jersey SealOFFICIAL SITE OF THE STATE OF NEW JERSEY

FOREVER 21

Original Release Date: 1/4/2018

Summary

In our November 16, 2017 bulletin we reported that clothing retailer Forever 21 suffered a data breach. Forever 21 has since issued a press release providing additional information about the payment card security incident. Their investigation revealed that encryption technology on some point-of-sale (PoS) devices at some Forever 21 stores was not always enabled and malware designed to search for payment card data was present on some devices during various times between April 3, 2017 and November 18, 2017. Forever 21 stores also have devices that maintain logs of completed payment card transaction authorizations and it was discovered that some were being utilized by the malware during the affected time period. 

Recommendations

The NJCCIC recommends all customers who shopped at Forever 21 stores during the impacted timeframe carefully monitor their bank card statements and report fraudulent charges as soon as possible.

Join & Subscribe

Never miss an update! Sign up for a no cost membership today! Receive up-to-date content and more in our weekly bulletin.

Sign Up

Featured Content

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.

Agency Seals of State of NJ, NJOHSP and NJCCIC

STAY CONNECTED:

View our Privacy Policy here.

View our Site Index here.