U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Fashion retailer Forever 21 data breach impacted +500,000 individuals

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals. On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. […]

FOREVER 21

Fashion retailer Forever 21 disclosed a data breach that exposed the personal information of more than 500,000 individuals.

On March 20, 2023, the fashion retailer Forever 21 has discovered a cyber incident that impacted a limited number of systems. The company immediately launched an investigation into the incident with the help of leading cybersecurity firms. The retailer also notified law enforcement.

The investigation revealed that threat actors had access to certain Forever 21 systems at various times between January 5, 2023 and March 21, 2023.

“Findings from the investigation indicate the unauthorized third party obtained select files from certain Forever 21 systems during this time period. We have no evidence to suggest your information has been misused for purposes of fraud or identity theft as a result of this incident – and no reason to believe that it will be.” reads the data breach notification letter sent to the impacted individuals. “As a result, we believe the risk to individuals whose personal data was involved in this event is low. Nonetheless, a robust review of the files involved was conducted to identify individuals whose personal information may be contained in the files.”

This month, the investigation revealed that the exposed personal information includes names, Social Security numbers, dates of birth, bank account numbers (without access code or pin), and information regarding the Forever21 health plan, including enrollment and premiums paid.

According to the company, the total number of persons affected is 539207. To prevent similar incidents from occurring in the future, the company announced it has implemented additional cyber security measures to protect its infrastructure.

The company did not provide details about the attack, but it is likely it was the victim of a ransomware attack.

FOREVER 21 is offering a complimentary 12-month membership of Experian’s® IdentityWorks℠ identity protection service.

In November 2017, the US clothes retailer FOREVER 21 announced it had suffered a security breach, at the time the hackers stole payment card data at some locations.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Data Breach)