US fashion retailer Forever 21 has been informed by US
authorities that hackers have stolen the credit and debit card
details of 99,000 of its customers.
The stolen data includes card numbers and expiry dates but not
customer names and addresses, and is said to have been taken in
different incidents going back to 2004.
Forever 21 has published an
advisory for its
customers on the theft, which is believed to be linked to credit
and debit card
theft at the much larger TJX group of companies.
In a statement Forever 21 said, "Our systems may have been
illegally accessed to obtain customer payment card information. We
have determined that this incident may have affected a subset of
our customers who shopped at our stores on nine dates [between 2004
and 2007].
"On 5 August 2008, the US Department of Justice in Boston filed
indictments against three individuals alleged to have committed
crimes involving credit card fraud against 12 retailers.
"That morning, Forever 21 was contacted by the US Secret Service
and was advised that our company was identified in the indictment
as one of the retail victims."
Details of the Forever 21 data loss became public following
charges brought against 11 men who allegedly hacked into other
major retail companies and stole more than 40 million credit and
debit card numbers.
Companies affected in that operation included Barnes &
Noble, OfficeMax and TJX, which owns TK Maxx in the UK.
Last week,
Damon Patrick Toey, one of the men accused of the TJX data breach
pleaded guilty. He is expected to be sentenced on 10
December.
The TJX data is believed to have become compromised through the
use of unsecured wireless network points. There is speculation that
Forever 21 may have also used unsecured wireless networks.
Millions of card numbers stolen in supermarket hack
>>
Thieves sell identities in bulk >>