Forever 21, the global fashion giant suffers a data breach exposes personal info of 500K+ individuals. In a cyberattack that took place earlier this year, the company’s systems were compromised, leading to the exposure of sensitive personal information.
With 540 outlets across the world and a workforce of approximately 43,000 employees, The data breach, which occurred between January and March of this year, was only detected on March 20, 2023, when the company realized that hackers had gained intermittent access to its systems. Meanwhile, the total number of persons affected has already reached 5,39,207.
Forever 21 revealed that an “unauthorized third party” had infiltrated their systems during this period and obtained select files. The potentially exposed data includes:
- Social Security Numbers (SSNs),
- Full names,
- Dates of birth,
- Bank account numbers and even information related to Forever 21’s health plan.
In a data breach notice shared with the Office of the Maine Attorney General, Forever 21 revealed that an “unauthorized third party” had infiltrated their systems during this period and obtained select files. The potentially exposed data includes:
The breach primarily affected current and former employees and did not compromise the personal data of Forever 21’s customers. This crucial distinction alleviates concerns for shoppers who might have feared their information was at risk.
One intriguing aspect of this breach is Forever 21’s assertion that they have taken steps to ensure the stolen data has been erased. It also stated that there’s no indication the stolen data has been shared with other cybercriminals, which lowers the overall risk for those affected. Nevertheless, to safeguard the impacted individuals,
Forever 21 has offered a free 12-month fraud and identity theft protection service, which is a commendable effort in mitigating potential harm.
This isn’t the first time Forever 21 has faced such a situation. In November 2017, the company had to notify its customers of a data breach affecting its payment system. Card data from transactions made between March and October 2017 was compromised during that incident.