Forever 21 said Thursday it is tightening security efforts at its store cash wraps following its disclosure last month of a breach at some of its U.S. stores.
Details of the security breach, which was first disclosed publicly by the company in November, did not include how many stores within the U.S. were impacted or in what states. The retailer said it is continuing to look at whether any of its overseas stores were impacted since those doors run off of point-of-sale systems different from its domestic locations.
Forever 21 does business in 57 countries via a fleet of more than 815 stores.
The company said encryption technology at some cash registers had been turned off in certain cases and malware installed by criminals looking to mine the system for customer payment data. Forever 21 confirmed the malware was able to access cardholder names in some instances but in most cases was only able to obtain card numbers, expirations and verification codes.
The vulnerability in the system occurred between April 3 and Nov. 18 of this year with each store impacted by the breach subject to varying lengths of exposure ranging from days to the entire April-November period, Forever 21 said. The company’s investigation also found some stores’ authorized payment data logs could have also potentially been under attack by the malware.
“In addition to addressing encryption, Forever 21 is continuing to work with security firms to enhance its security measures,” the company said in a statement Thursday. “We also continue to work with the payment card networks so that the banks that issue payment cards can be made aware of this incident. Lastly, we will continue to support law enforcement’s investigation of this incident.”