Forever 21 has confirmed in a press release that various POS terminals were exposed to hackers for months, leaving customer payment card information unprotected from April 3, to November 18, 2017. Hackers were able to acquire card numbers, expiration dates, verification codes, and cardholder names.
"We regret this incident occurred and any concern this may have caused you," the company said Thursday.
The company came out with the confirmation of a cyber attack following a notification sent out on November 14 stating that they may have been targeted by hackers. Forever 21 said hackers were able to get their hands on this sensitive data by installing malicious software on some POS terminals in stores, allowing them to bypass the security that is supposed to keep customer payment information confidential.
Forever 21 said its POS terminals, which are used to swipe credit cards when paying, are supposed to be encrypted, making the data unreadable for anyone who is able to get their hands on it. But there were times when the encryption was turned off, said Forever 21 in a notification, leaving customer payment information exposed to hackers.
This is not the first instance of a large company suffering a data breach. Major fast food chain Chipotle Mexican Grill, Inc. (NYSE: CMG) and large video game retailer GameStop Corp.(NYSE: GME) also suffered similar hacks in 2017.
The company, which operates more than 815 stores in 57 countries, did not say which of its stores were affected or specify how many customers had their information stolen.