Forever 21 Faces Major Data Breach Impacting Current and Former Employees

Fashion retailer Forever 21 has fallen victim to a significant data breach, affecting both present and former employees. The breach, which occurred earlier this year, has been confirmed by the company.

According to Forever 21, unidentified threat actors managed to infiltrate the company's infrastructure periodically from early January to late March 2023. During this breach window, the cybercriminals exfiltrated sensitive data from the company's endpoints. The stolen information includes individuals' full names, Social Security numbers, birth dates, bank account numbers, and employee health plan details.

The company recently filed a breach notification with the Office of the Maine Attorney General, stating that it engaged with the attackers to prevent the leaked data from being disseminated online. While the details surrounding the incident suggest characteristics of a ransomware attack, Forever 21 has not confirmed such an attack. Recent trends in ransomware attacks have shown some threat actors forgoing the encryption step due to its complexities and cost, opting instead for data theft.

As of now, it remains unclear whether Forever 21 paid a ransom. Fortunately, the stolen data has not surfaced on the internet, but the company is advising caution. To mitigate the impact of the breach, Forever 21 will provide affected individuals with free fraud and identity theft protection services for one year. Those who believe they might be affected should exercise vigilance when receiving any form of communication, especially if it appears to be from Forever 21.

Forever 21 has already notified over 500,000 individuals about the cyberattack, which compromised their personal information between January and March 2023. The breach was identified on March 20, and Forever 21 reported it to the Maine Attorney General. Although the retailer has given assurances that the data is now secure and has not been misused, the incident serves as a reminder of the ever-present threat of data breaches in today's digital landscape.