Fashion retailer Forever 21 data breach impacted +500,000 individuals

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals.

On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. The retailer also notified law enforcement.

The investigation revealed that threat actors had access to certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023.

“Findings from the investigation indicate the unauthorized third party obtained select files from certain Forever 21 systems during this time period. We have no evidence to suggest your information has been misused for purposes of fraud or identity theft as a result of this incident – and no reason to believe that it will be.” reads the data breach notification letter sent to the impacted individuals. “As a result, we believe the risk to individuals whose personal data was involved in this event is low. Nonetheless, a robust review of the files involved was conducted to identify individuals whose personal information may be contained in the files.”

This month, the investigation revealed that the exposed personal information includes names, Social Security numbers, dates of birth, bank account numbers (without access code or pin), and information regarding the Forever21 health plan, including enrollment and premiums paid.

According to the company, the total number of persons affected is 539207. To prevent similar incidents from occurring in the future, the company announced it has implemented additional cyber security measures to protect its infrastructure.

The company did not provide details about the attack, but it is likely it was the victim of a ransomware attack.

FOREVER 21 is offering a complimentary 12-month membership of Experian’s® IdentityWorks℠ identity protection service.

In November 2017, the US clothes retailer FOREVER 21 announced it had suffered a security breach, at the time the hackers stole payment card data at some locations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Data Breach)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.