Clothing retailer Forever 21 has disclosed a data breach that has compromised the information of over 500,000 people.
The brand first notified the Office of the Maine Attorney-General, saying a cyber attack had affected its systems on 20 March.
“On March 20, 2023, Forever 21 identified a cyber incident that impacted a limited number of systems. Once the incident was discovered, Forever 21 immediately launched an investigation, and leading cyber security firms were engaged to assist,” said a company notice issued to customers.
Further investigation then revealed that attackers had access to Forever 21’s systems between January and March.
“The investigation revealed that an unauthorised third party accessed certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023,” the notice continued.
“Findings from the investigation indicate the unauthorised third party obtained select files from certain Forever 21 systems during this time period.”
Forever 21 has assured customers that, at this stage in the investigation, there is no evidence to suggest that any of the data exposed in the cyber attack has been used for malicious purposes such as theft or fraud. It added that it doesn’t see any reason that the data may be used in this way.
“In addition, Forever 21 has no indication that the unauthorised third party further copied, retained, or shared any of the data.
“As a result, we believe the risk to individuals whose personal data was involved in this event is low,” it said.
Forever 21 has secured its systems to ensure that the threat actor can no longer access them. It has also taken measures to guarantee the attacker has deleted the data.
Despite the confidence that the risk to customers is low, the retailer has launched a “robust review” of its systems and the files that may have been compromised. Findings from its review determined that personal information such as names, dates of birth, social security numbers, bank account numbers (without a PIN), and information regarding Forever 21 health plans was involved.
While not disclosed in the notice, a Forever 21 spokesperson speaking with BleepingComputer has confirmed that the files affected in the data breach were limited to current and former employees.
Forever 21 employs roughly 43,000 people currently and has 540 outlets across the globe.
Much of the attack is still unknown, with no indication of the attackers’ motives. While Forever 21’s response suggests communication with the threat actor and thus a ransomware attack, this has not been confirmed.