Unencrypted POS systems linked to possible data breach

American ‘fast fashion’ retailer Forever 21 has alerted its customers to a potential card data breach thought to have affected certain stores with unencrypted POS systems.

The Los Angeles-based company said it is investigating unauthorized access to data from payments cards that were used at certain Forever 21 stores between March and October this year.

After being alerted of the potential breach by an unnamed third party, the retailer said it has engaged a “leading security and forensics firm” to spearhead the investigation.

“Because of the encryption and tokenization solutions that Forever 21 implemented in 2015, it appears that only certain point of sale devices in some Forever 21 stores were affected when the encryption on those devices was not in operation,” the company stated.

Although primarily focused on the US market, Forever 21 operates more than 800 stores worldwide. At this stage, however, the number of affected stores or geographic scope of the breach has not been disclosed.

“Because the investigation is continuing, complete findings are not available, and it is too early to provide further details on the investigation,” the company said.

“Forever 21 expects to provide an additional notice as it gets further clarity on the specific stores and timeframes that may have been involved.”

As they await further details, customers were advised to check their payment card statements for any unauthorized charges.