Forever 21: Nearly 99,000 cards compromised in data thefts

The thefts, which date back to 2004, were uncovered by the DOJ

Company officials did not return a phone call seeking comment. A toll-free number set up by Forever 21 to answer questions from customers offered an automated recording repeating what the company had said in its statement but offered no new details. The recording invited callers to leave their names and phone numbers with the promise that someone from the company would get back to them. A message seeking comment left at that number was not returned either.

The incidents cited by Forever 21 appear linked to the early August arrests of 11 people on credit card fraud-related charges. They are believed responsible for a series of data heists at 12 major retailers, including TJX Companies, Forever 21, BJ Wholesale Clubs, DSW, Office Max, Barnes and Noble and Sports Authority.

Last week, one of the arrested individuals, Damon Patrick Toey, pleaded guilty to four felony counts, including wire and credit card fraud and aggravated identity theft. He faces up to five years in prison for each of the felony counts plus an additional US$250,000 in fines for each count.

Court papers filed in connection with the arrests of Toey and other individuals in the data thefts reveal that many of the intrusions were carried out by taking advantage of weak wireless security at individual retail store locations.

Such incidents highlight the growing need for retailers to implement better security controls at the store level, said Rosen Sharma, chief technology officer at Solidcore Systems.

Until relatively recently, the PCI mandate did not require merchants to implement specific controls for protecting their store systems and networks from being tampered with or broken into, Sharma said. This has made these systems particularly attractive targets for data thieves looking for an easy entry point into a retail network. Often, retail store locations have little to no physical or virtual security controls and are manned by staff with little knowledge about computer security issues, he said.


Stories by Jaikumar Vijayan
