Popular clothing retailer Forever 21 revealed on Tuesday (14 November) that hackers may have gained unauthorised access to payment card systems at some of its stores, potentially compromising the credit card details of customers who shopped there. The company said it was recently notified by a third party of the possible breach and immediately launched an investigation into its payment card systems with the assistance of a "leading security and forensics firms".
"Because of the encryption and tokenization solutions that Forever 21 implemented in 2015, it appears that only certain point of sale devices in some Forever 21 stores were affected when the encryption on those devices was not in operation," the company said in a statement.
The investigation is currently focused on card transactions in Forever 21 stores from March 2017 through October 2017. The Los Angeles-based company did not provide any details regarding when or how the point-of-sale (PoS) breach took place, or what payment card details may have been compromised.
Forever 21 operates more than 815 stores in 57 countries including the US, UK, Australia, Canada, China, Germany, Japan, India, Latin America and Philippines. However, it did not specify which or how many of its stores were affected in the breach.
"Because the investigation is continuing, complete findings are not available, and it is too early to provide further details on the investigation," the company said. "Forever 21 expects to provide an additional notice as it gets further clarity on the specific stores and time frames that may have been involved."
It advised customers to monitor their credit and debit card statements for any possible suspicious activity or unauthorised charges.
"We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter," the firm said.
Forever 21 is the latest in a litany of retail companies that have suffered data breaches this year. Arby's, Brooks Brothers, Saks Fifth Avenue, Chipotle, Equifax, Whole Foods Market and Kmart were among the dozens of companies that reported a data breach this year so far.
IBTimes UK has reached out to Forever 21 for comment.