Published: September 12, 2008
Forever 21 Provides Notice to Customers Regarding Security Breach Incident
LOS ANGELES, Sept. 12 /PRNewswire/ -- Forever 21 has posted a notice to
its website, http://www.forever21.com, to alert customers who shopped at our
stores on the dates and during the period identified below about a security
breach incident. Law enforcement recently informed Forever 21 that our systems
may have been illegally accessed to obtain customer payment card information.
We have determined that this incident may have affected a subset of Forever 21
customers who shopped at our stores on the following nine dates: March 25,
2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; August 4,
2007; August 5, 2007; August 13, 2007; and August 14, 2007. In addition, the
incident may have affected customers who shopped at ourFresno, California
store located as 567 E. Shaw Ave. between November 26, 2003 and October 24,
2005.
On August 5, 2008, the U.S. Department of Justice inBoston filed
indictments against 3 individuals alleged to have committed crimes involving
credit card fraud against 12 retailers. That morning, Forever 21 was
contacted by the U.S. Secret Service and was advised that our company was
identified in the indictment as one of the retail victims. We subsequently
received from the Secret Service a disk of potentially compromised file data.
We promptly retained forensic consultants to help us examine the file data and
our systems. Based on that investigation, we believe that the unauthorized
persons accessed older credit and debit card transaction data for
approximately 98,930 credit and debit card numbers. Approximately 20,500 of
these numbers were obtained from theFresno store transaction data. The data
included credit and debit card numbers and in some instances expiration dates
and other card data, but did not include customer name and address. More than
half of the affected payment card numbers are no longer active or have expired
expiration dates.
We have been working with our acquiring bank and payment card networks to
resolve the situation. Affected customers may receive a written notice about
this incident from their card issuing institutions, mailed to the address
related to the account number. We have also contacted the three principal
credit reporting bureaus, Equifax, Experian and TransUnion, to advise them of
the situation. Since 2007 when the Payment Card Industry Data Security
Standards (the "PCI Standards") were imposed, our systems have been certified
to be in compliance with the PCI standards, including the data encryption
standards. After we were informed of this incident, we adopted additional
proactive security measures and continue to regularly monitor our systems for
intrusions.
In the posting on our website, http://www.forever21.com, we have provided
information about steps customers may take to protect themselves from payment
card fraud. The information includes measures recommended by the Federal
Trade Commission (the "FTC") and materials available on the FTC's Web site,
http://www.consumer.gov/idtheft/.
Customers with questions about this incident should review our website
posting or may contact us at the following customer service number,
1-888-757-4447.
SOURCE Forever 21, Inc.
Copyright © 2012, PRNewswire
Copyright © 2012, NewsBlaze,
Daily News
Search News
Daily News
