Forever 21 Suffered 7-Month POS Malware Attack[source: databreachtoday]

Apparel retailer Forever 21 says point-of-sale systems in some of its stores were infected by malware for up to seven months, compromising shoppers’ payment card data.

On Tuesday, Forever 21 issued an update on its investigation into the “payment card security incident” that it first announced in November.

The retailer now says that an investigation conducted by a third-party incident response firm that it hired has found that malware infected some POS devices last year between April 3 and November 18, and that in some cases “encryption technology” being used by its “payment processing system” was not active, allowing malware-wielding attackers to steal payment card data that was being stored in logs of completed transactions.

Some stores suffered breaches lasting for the entire seven months, while others were breached “for only a few days or several weeks,” Forever 21 says. “We regret this incident occurred and any concern this may have caused you.”

Privately held Forever 21 sells “cheap chic” women’s and men’s clothing and accessories, catering especially to teenage girls and young women, and operates about 400 stores globally, many located in shopping centers. Founded in California in 1984, Forever 21 says it’s the fifth largest specialty retailer in the United States.

For more, click here.