US-based clothing retailer giant Forever 21 has disclosed a data breach that occurred earlier this year, impacting more than half a million individuals. The breach, which took place between January and April 2023, resulted in hackers accessing files from Forever 21's systems. The personal information of both current and former employees was compromised, including names, dates of birth, bank account numbers, Social Security numbers, and details about health plans related to Forever 21.
According to a breach notice submitted to the attorney general of Maine, Forever 21 has notified 539,207 individuals that their data was compromised. The breached data includes information about the company's health plan, such as enrollment and premiums paid. The notice did not provide specific details about the incident, but Forever 21 stated that it had taken steps to prevent further unauthorised access to the compromised data. However, it remains unclear how the company obtained assurance that the data had been deleted, and there is speculation that Forever 21 may have paid the hacker to delete the data.
Forever 21 declined to provide further comment on the incident, leaving unanswered questions about the company's response and future actions.
This is the second data breach experienced by Forever 21 in recent years. In 2017, the company suffered a significant theft of credit card numbers from its point-of-sale machines.