Apparel retailer Forever 21 said in the end-week of December 2017 that malware infection on its point-of-sale machines resulted in hacking of data related to payment cards from a few specific stores during the year. Reportedly, the attack got aggravated due to encryption absent on those machines.
The $4bn retail firm based in Los Angeles published one news release on December 28 to confirm that some party with sinister intentions gained admission into data from the credit and debit cards of a section of customers during the period April 3-November 18, 2017. The attacker could do so via a malware-laced assault combined with inadequate POS security.
With a cyber forensics company that Forever 21 hired, investigation into the problem started. Initially when concrete details couldn’t be obtained, the retail firm cautioned about a few POS devices within certain Forever 21 stores as being impacted where there was little utilization of encryption. Zdnet.com posted this dated January 2, 2018.
It got determined from the investigation that encryption was halted while malicious software was loaded onto certain devices within a few stores in USA at different times from 3rd April-18th November, 2017.
In addition, Forever 21 stated that a machine which logged entire transaction authorizations on payment cards too had malicious software planted onto it within a few of the outlets.
And while it isn’t yet known about the data hack’s intensity it’s also still not clear about the number of outlets and customers impacted albeit Forever 21 is presently having suppliers of POS machines and cyber-security experts with whom it’s working for enhancing its future security.
‘Forever 21’ was as well working with the hacked point-of-sale device manufacturer, the payment processors along with law enforcement for additional probe into the online infiltration, the business firm stated.
Meanwhile, the apparel shop isn’t alone in being victimized with the kind of attack. Point-of-sale contaminations are an increasingly frequent mode by which crooks carry out big-scale seizures of credit and debit card information. Among the targets so far, the Hilton hotel chain, Target the big-box retailer as well as restaurant chains are also included.