Forever 21

May 6, 2024 1 min read
Forever 21

Over a period of seven months in 2018, Forever 21 experienced a significant cybersecurity incident when attackers accessed payment card data from an undisclosed number of customers. The attackers managed to penetrate the network and deploy malware designed to harvest credit card information straight from the retailer's point-of-sale (POS) system. A critical security lapse was identified as some of Forever 21's POS devices were not encrypted, which likely facilitated the breach. The exact number of impacted customers remains unclear, even years after the incident. Forever 21 faced a class-action lawsuit as a result of this breach and agreed to settle by compensating for the 'valid out-of-pocket expenses and charges that were incurred and plausibly arose' due to the breach. However, the total financial impact of this compensation has not been disclosed, leaving the full extent of the damage somewhat opaque.


"id": "for1001050624",
"linkid": "forever-21",
"type": "Breach",
"date": "05/2023",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

Join the conversation

Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.