back to article US retailer Forever 21 hit by payment card breach

Almost 99,000 payment cards used by people shopping at Forever 21 stores may have been lifted over a four-year period by people linked to the heist of 45.6 million payment cards from customers from stores owned by TJX Companies. On Friday, the company issued a statement on its website that said it learned of the theft from law …


This topic is closed for new posts.


here you go:


No doubt...

there'll be more 'revelations' of other companies caught up in the TJX case.

Would make a refreshing change if they were up front about it, but I'd not be holding my breath!


For your benefit.

September 12, 2008

Important Public Notice Regarding Customer Personal Information

Dear Valued Customers:

Law enforcement recently informed us that our systems may have been illegally accessed to obtain customer payment card information. We have determined that this incident may have affected a subset of our customers who shopped at our stores on the following nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; August 4, 2007; August 5, 2007; August 13, 2007; and August 14, 2007. In addition, the incident may have affected customers who shopped at our Fresno, California store located at 567 E. Shaw Ave. between November 26, 2003 and October 24, 2005.

On August 5, 2008, the U.S. Department of Justice in Boston filed indictments against 3 individuals alleged to have committed crimes involving credit card fraud against 12 retailers. That morning, Forever 21 was contacted by the U.S. Secret Service and was advised that our company was identified in the indictment as one of the retail victims. We subsequently received from the Secret Service a disk of potentially compromised file data. We promptly retained forensic consultants to help us examine the file data and our systems. Based on that investigation, we believe that the unauthorized persons accessed older credit and debit card transaction data for approximately 98,930 credit and debit card numbers. Approximately 20,500 of these numbers were obtained from the Fresno store transaction data. The data included credit and debit card numbers and in some instances expiration dates and other card data, but did not include customer name and address. More than half of the affected payment card numbers are no longer active or have expired expiration dates.

We have been working with our acquiring bank and payment card networks to resolve the situation. Your card issuing institution may send you a written notice mailed to the address related to the account number about this incident. We have also contacted the three principal credit reporting bureaus, Equifax, Experian and TransUnion, to advise them of the situation. Since 2007 when the Payment Card Industry Data Security Standards (the "PCI Standards") were imposed, our systems have been certified to be in compliance with the PCI Standards, including the data encryption standards. After we were informed of this incident, we adopted additional proactive security measures and continue to regularly monitor our systems for intrusions.

If you shopped at our stores on the nine dates above or at our Fresno store during the time period indicated, we are alerting you so that you may take steps to protect yourself from payment card fraud. It is important for you to carefully monitor your accounts and report suspicious transactions to your issuing financial institution immediately. As a further precaution, you may wish to place a fraud alert on your credit file. Specific information about protecting your credit lines and financial information is linked to this notice. Please review it closely. We also recommend that you review the identity theft materials posted for consumers on the Federal Trade Commission¡¯s (the "FTC's") Web site,, and in particular, the posted copy of the FTC's booklet, "Take Charge: Fighting Back Against Identity Theft."

Should you have any questions about this incident or need additional information, we have designated a customer service number for you to call, 1-888-757-4447.

We regret any inconvenience or concern that this incident may have caused you and look forward to serving you in the years ahead.


Forever 21, Inc.

Anonymous Coward

Missing Links?

Seems that link at the bottom of the Forever21 page is gone... Not a very useful Customer notice if it disappears in no time flat....

Paris Hilton

Forever 21?

More like forever in remedial, the whole world is full of companies and governments who employ people who don't know their arse from their elbow. Ooh! Sorry about that, we'll close the hole right away.We hope it didn't spoil your shopping experience too much.

Paris, 'cos you couldn't mistake her arse for her elbow and neither could she. As for security hole....

This topic is closed for new posts.


Biting the hand that feeds IT © 1998–2017