Fashion retailer Forever 21 data breach impacted +500,000 individuals

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals.

On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. The retailer also notified law enforcement.

The investigation revealed that threat actors had access to certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023.

“Findings from the investigation indicate the unauthorized third party obtained select files from certain Forever 21 systems during this time period. We have no evidence to suggest your information has been misused for purposes of fraud or identity theft as a result of this incident – and no reason to believe that it will be.” reads the data breach notification letter sent to the impacted individuals. “As a result, we believe the risk to individuals whose personal data was involved in this event is low. Nonetheless, a robust review of the files involved was conducted to identify individuals whose personal information may be contained in the files.”

This month, the investigation revealed that the exposed personal information includes names, Social Security numbers, dates of birth, bank account numbers (without access code or pin), and information regarding the Forever21 health plan, including enrollment and premiums paid.

According to the company, the total number of persons affected is 539207. To prevent similar incidents from occurring in the future, the company announced it has implemented additional cyber security measures to protect its infrastructure.

The company did not provide details about the attack, but it is likely it was the victim of a ransomware attack.

FOREVER 21 is offering a complimentary 12-month membership of Experian’s® IdentityWorks℠ identity protection service.

In November 2017, the US clothes retailer FOREVER 21 announced it had suffered a security breach, at the time the hackers stole payment card data at some locations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Data Breach)