Forever 21 warns of potential data breach that impacted payment card transactions

(Photo by Andrew Burton/Getty Images)

LOS ANGELES — FOREVER 21 is in the process of notifying customers that may have been involved in a data breach.

The fashion retailer, which issued a statement Tuesday, says its investigation is focused on payment card transactions in stores from March 2017 to October 2017. Forever 21 adds that only certain point of sale devices in some of the stores were affected, though, a full list of retail locations have not been released.

Read the full statement below:

FOREVER 21 is notifying its customers that it recently received a report from a third party that suggested there may have been unauthorized access to data from payment cards that were used at certain FOREVER 21 stores. Forever 21 immediately began an investigation of its payment card systems and engaged a leading security and forensics firm to assist.

Because of the encryption and tokenization solutions that FOREVER 21 implemented in 2015, it appears that only certain point of sale devices in some FOREVER 21 stores were affected when the encryption on those devices was not in operation. The company’s investigation is focused on card transactions in FOREVER 21 stores from March 2017 – October 2017. Because the investigation is continuing, complete findings are not available, and it is too early to provide further details on the investigation. FOREVER 21 expects to provide an additional notice as it gets further clarity on the specific stores and timeframes that may have been involved.

It is always advisable for customers to closely monitor their payment card statements. If customers see an unauthorized charge, they should immediately notify the bank that issued the card. Payment card network rules generally state that cardholders are not responsible for such charges.

We regret that this incident occurred and apologize for any inconvenience. We will continue to work to address this matter. For more information, please visit www.forever21.com/protecting_our_customers.