Clothing and accessories retailer Forever 21 is sending data breach notifications to more than half a million individuals whose personal information was exposed to network intruders.
The company operates 540 outlets worldwide and employs roughly 43,000 people.
A sample of the data breach notice shared with the Office of the Maine Attorney General says that the company detected a cyberattack on several of its systems on March 20.
The investigation revealed that hackers had intermittent access to Forever 21 systems between January and March this year and leveraged this access to steal data.
“The investigation revealed that an unauthorized third party accessed certain Forever 21 systems at various times between January 5, 2023, and March 21, 2023,” reads the notice.
The data breach notice sent on August 29 to 539,207 impacted individuals mentions the following data types as potentially exposed:
- Full name
- Social Security Number (SSN)
- Date of Birth
- Bank Account Number
- Forever 21 Health Plan information
BleepingComputer has contacted Forever 21 to determine if the security incident has impacted both customers and employees, but we had not received a response by publication time.
In the notice, Forever 21 reports that they have taken measures to ensure the hackers have erased the stolen data, an indication that the company communicated with the attacker.
This typically happens after ransomware attacks, when the victim engages in negotiation with the hackers to pay a more reasonable ransom. However, a ransomware attack on Forever 21 has not been confirmed.
Also, the firm states it has no indication that the stolen data has been shared with other cybercriminals and characterizes the risk arising from the event for exposed people as “low.”
Additionally, all notice recipients will find enclosed instructions on how to enroll in a free-of-charge 12-month fraud and identity theft protection service.
In November 2017, Forever 21 notified its customers of another data breach impacting its payments system, resulting in the compromise of card data from transactions made between March and October 2017.