LOS ANGELES, Sept. 12 /PRNewswire/ -- Forever 21 has posted a notice to
its website, http://www.forever21.com, to alert customers who shopped at
our stores on the dates and during the period identified below about a
security breach incident. Law enforcement recently informed Forever 21 that
our systems may have been illegally accessed to obtain customer payment
card information. We have determined that this incident may have affected a
subset of Forever 21 customers who shopped at our stores on the following
nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004;
July 3, 2004; August 4, 2007; August 5, 2007; August 13, 2007; and August
14, 2007. In addition, the incident may have affected customers who shopped
at our Fresno, California store located at 567 E. Shaw Ave. between
November 26, 2003 and October 24, 2005.
On August 5, 2008, the U.S. Department of Justice in Boston filed
indictments against 3 individuals alleged to have committed crimes
involving credit card fraud against 12 retailers. That morning, Forever 21
was contacted by the U.S. Secret Service and was advised that our company
was identified in the indictment as one of the retail victims. We
subsequently received from the Secret Service a disk of potentially
compromised file data. We promptly retained forensic consultants to help us
examine the file data and our systems. Based on that investigation, we
believe that the unauthorized persons accessed older credit and debit card
transaction data for approximately 98,930 credit and debit card numbers.
Approximately 20,500 of these numbers were obtained from the Fresno store
transaction data. The data included credit and debit card numbers and in
some instances expiration dates and other card data, but did not include
customer name and address. More than half of the affected payment card
numbers are no longer active or have expired expiration dates.
We have been working with our acquiring bank and payment card networks
to resolve the situation. Affected customers may receive a written notice
about this incident from their card issuing institutions, mailed to the
address related to the account number. We have also contacted the three
principal credit reporting bureaus, Equifax, Experian and TransUnion, to
advise them of the situation. Since 2007 when the Payment Card Industry
Data Security Standards (the "PCI Standards") were imposed, our systems
have been certified to be in compliance with the PCI standards, including
the data encryption standards. After we were informed of this incident, we
adopted additional proactive security measures and continue to regularly
monitor our systems for intrusions.
In the posting on our website, http://www.forever21.com, we have
provided information about steps customers may take to protect themselves
from payment card fraud. The information includes measures recommended by
the Federal Trade Commission (the "FTC") and materials available on the
FTC's Web site, http://www.consumer.gov/idtheft/.
Customers with questions about this incident should review our website
posting or may contact us at the following customer service number,
1-888-757-4447.