Towards the end of 2017, clothing retailer Forever 21 announced that malware had been discovered in their point-of-sale machines. Today, they released the preliminary findings of the investigation conducted into this security breach.
Although the company uses encryption technology on their POS devices, the investigation discovered this encryption was not always on leaving their systems vulnerable to attack. The breach occurred at several locations across the U.S. from April through November 2017. The investigation further uncovered that the data tracked and stolen was primarily card data, such as number, expiration date, and verifying codes. In most cases, the cardholder name was not found to be compromised.
Forever 21 is continuing the investigation into this breach and urges its customers to be mindful of the charges present on their billing statements.