Forever 21 is a fashion brand headquartered in Los Angeles. Popular mainly with younger shoppers, the retailer offers stylish and trendy fashion at great prices. However, it fell prey to a data breach earlier this year. The company announced a possible security breach by unknown hackers, who gained unauthorized access to data from debit and credit cards used at some of its store locations. The American clothing retailer operates over 815 stores in 57 countries.
Details of the breach were not made public
The company could not divulge which stores were affected, but it did give the shopping period concerned: between March and October. Immediately after learning about the breach, the company called in security and forensics teams to investigate its payment systems. Customers were informed soon after the company confirmed that a data breach had occurred.
Customers who shopped at the stores were asked to monitor their payment card statements and notify their banks of any unauthorized charge. Forever 21 was informed of the breach when it received a report from a third-party monitoring service. According to the details given by the company, it had implemented encryption and tokenization solutions, but the encryption on some PoS devices in some of its stores was not in operation. Those devices were the target of the hackers and the cause of this breach.
What is a data breach?
A data breach is an incident in which confidential or personal information is leaked by a person not authorized to do so. A data breach can occur at many levels, from personal information and trade secrets to individual property, organizational data and national security.
How do data breaches occur?
Malicious cyber attacks are the most common type of data breach. Hackers can steal anyone's information, be it personal banking information or intellectual property. They break into corporate networks to steal confidential data or commit fraud by getting around banking passwords. The lesser-known type of data breach is the one that happens offline. Multiple parties handle offline information every day, and once confidential information is documented on paper, there is no way to reverse the action. This data can easily end up in anyone's possession without the originator being aware. This type of data breach can have severe consequences, and there is no way to determine the person behind it. To prevent such a breach, confidential documents must be disposed of in a secure manner.
One of the simplest ways for a data breach to happen is when a device is stolen or lost. If someone forgets a flash drive at a meeting or a conference, or leaves a laptop behind on public transport, the company's data might get into the wrong hands and be exposed to a potential breach. Mobile phones usually hold their users' personal information, mainly in their emails, and a stolen phone can result in a data breach by an unknown person. Weak security controls are an indirect invitation to hackers, giving them an easy way to crack passwords. Most cyber attacks occur due to a weak security infrastructure, which should be a lesson for organizations to adopt strong security measures and have the right security controls in place.
Source : https://thehackernews.com/2017/11/data-breach-forever21.html