The popular US clothes retailer Forever 21 has confirmed it has suffered a breach and hackers stole credit card information.
The company did not specify on how many customers were affected but confirmed the presence of malware on various number of point of sales (POS) systems in stores across the country between April 3rd and November 18th of this year.
“The investigation determined that the encryption technology on some point-of-sale (POS) devices at some stores was not always on. The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device. In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found.”
The company also said that not every POS terminal in affected stores were infected by malware and payment cards used on its online website forever21.com was not affected by the breach.
In the investigation, it was found that the encryption was not always on in some stores and the malware was found installed on some devices in U.S stores in between April 3, 2017, and November 18, 2017.
The company always keeps a log of completed payment card transaction authorizations, and When the encryption is off, payment card data will be stored in this log.
The malware was found installed on the log devices and which is capable of finding payment card data from the logs.
“So if encryption was off on a POS device prior to April 3, 2017, and that data was still present in the log file at one of these stores, the malware could have found that data.” said in the statement released by the company.
The company said that the investigation is still ongoing and advised users to review their account statements for any suspicious activity.