Quantcast PC World: Technology Advice You Can Trust Search ____________________ Browse All * Home * News * Reviews * How-To * Blogs * Videos * Downloads * Shop & Compare * Community * Business Center Subscribe to magazine * Magazine * Subscribe & Get a Bonus CD * Customer Service IFRAME: ad728leader * RSS * Newsletters PC World Business Center Smart Technology for Smart Companies Topics: * Software / Services * Office Hardware * Security * Servers / Storage * Cell Phones / VoIP * Operating Systems * Networking * Virtualization Sponsored by Dell * PC World * » Business Center * » Security * » Data Protection * » News 0 0 Forever 21 Cards Compromised in Data Thefts Jaikumar Vijayan, Computerworld People who read this also read: Related Searches: * industry news * privacy * hackers * Find a Review [Select Category] ____________________ [Sort By....] Get Reviews Close Tuesday, September 16, 2008 1:25 PM PDT Nearly 99,000 payment cards used by customers at several Forever 21 Inc. retail stores may have been compromised in a series of data thefts dating back to August 2004. In a statement released last week and posted on the discount retailer's Web site, the Los Angeles-based company said it discovered the thefts only after being notified of them by the U.S. Department of Justice in Boston on Aug. 5. There was no explanation for why the company waited more than a month after it discovered the compromise to notify affected customers about it. The DOJ last month filed indictments against three people who allegedly hacked into computer systems belonging to 12 retailers to steal payment card data -- including a much-publicized breach at TJX Companies Inc. . Forever 21 said it was notified by the DOJ that it was one of the victims of those attacks and was given a disk containing "potentially compromised file data." A subsequent forensic analysis revealed that transaction data for approximately 98,930 credit and debit card numbers had been illegally accessed, with more than 20,000 of the transactions made at the company's Fresno store. The company's investigations indicated that the intrusions affected customers who shopped at the company's stores on nine specific dates. The first intrusion dated back to March 25, 2004, the most recent one occurred Aug. 14, 2007. The compromised data included credit and debit cards, expiration dates "and other card data," but did not include customer names or addresses. More than half of the compromised payment cards are either inactive or have expired, the company said. The company offered no details on what other data might have been compromised, and it was not clear whether all nine of the data theft incidents resulted from a single intrusion or whether the company's systems were broken into nine separate times. Forever 21 stressed that it has complied with the requirements of the credit card industry's Payment Card Industry Data Security Standards (PCI DSS) since they went into effect. And it noted it has been certified as being PCI-compliant since 2007. It was not immediately clear whether that compliance was achieved before or after August 2007, when four of the illegal data access incidents took place. Company officials did not return a phone call seeking comment. A toll-free number set up by Forever 21 to answer questions from customers offered an automated recording repeating what the company had said in its statement but offered no new details. The recording invited callers to leave their names and phone numbers with the promise that someone from the company would get back to them. A message seeking comment left at that number was not returned either. The incidents cited by Forever 21 appear linked to the early August arrests of 11 people on credit card fraud-related charges. They are believed responsible for a series of data heists at 12 major retailers, including TJX Companies Inc., Forever 21, BJ Wholesale Clubs Inc, DSW Inc. Office Max Inc., Barnes and Noble and Sports Authority. Last week, one of the arrested individuals, Damon Patrick Toey, pleaded guilty to four felony counts, including wire and credit card fraud and aggravated identity theft. He faces up to five years in prison for each of the felony counts plus an additional $250,000 in fines for each count. Court papers filed in connection with Toey's arrest and that of other individuals arrested in connection with the data thefts reveal that many of the intrusions were done by taking advantage of weak wireless security at individual retail store locations. Such incidents highlight the growing need for retailers to implement better security controls at the store level, said Rosen Sharma, chief technology officer at Solidcore Systems Inc. a Cupertino, Calif.-based security vendor. Until relatively recently, the PCI mandate did not require merchants to implement specific controls for protecting their store systems and networks from being tampered with or broken into, Sharma said. This has made these systems particularly attractive targets for data thieves looking for an easy entry point into a retail network. Often, retail stores locations have little to no physical or virtual security controls and are manned by staff with little knowledge about computer security issues, he said. * Sponsored Resource:Ten quick fixes for the worst security nightmares * Sponsored Resource:Learn more about ultra light notebooks from Asus and the best warranty in the industry. * Sponsored Resource:Thinking about a new Laptop? Lenovo has models to meet everyone's needs. * Sponsored Resource:Get the truth about remanufactured ink. Learn more from HP. * Sponsored Resource:Back up, access, share, and store all your family's digital media. Windows Home Server. * Recommend this story? * Vote Yes * Vote No * 0 Yes 0 No * Email * Comment Community Comments Posting comment ... News For Your Business * IRS Taxpayer Data is Insecure * Obama Plans to Keep his BlackBerry * Symantec Releases Patch for Application Delivery Program * NASA Hacker May be Tried in UK * Auditor: IRS Still Vulnerable to Cyber Breaches * Data Breaches Rose Sharply in 2008, Says Study * CheckFree Warns 5 Million Customers After Hack * 2009's Hottest Tech Trends * The 4 Security Rules Employees Love to Break * SecuriKey Enlists in Boot Camp More News PC World's Marketplace PC World's Free Whitepapers IFRAME: ad336showcase Data Protection News * Data Protection - January 18, 2009 IRS Taxpayer Data is Insecure Two audits suggest the IRS needs to clean up its network access and secure taxpayer data. * Data Protection - January 17, 2009 Obama Plans to Keep his BlackBerry The president-elect says the handheld is a tool to do his job and keep him grounded, avoiding the "bubble" of the presidency. * Data Protection - January 16, 2009 Symantec Releases Patch for Application Delivery Program Symantec is warning of a vulnerability in its AppStream product but has created a patch. * Data Protection - January 12, 2009 NASA Hacker May be Tried in UK NASA hacker Gary McKinnon offers to plead guilty if he can be tried in the U.K. instead of U.S. More [intel.gif] Latest Expert Blogs * [157768-twitter180_original.jpg] BizFeed - January 15, 2009 10:13 AM Connect to Customers with Twitter Use online networking to reach and grow your audience * [157730-send-to180_original.jpg] BizFeed - January 14, 2009 6:55 PM Send To: Immediately Process Desktop Files Customize this right-click menu to sling files to your preset locations. * BizFeed - January 14, 2009 4:22 PM No Jobs, No Apple? Despite all its success in recent years, can Apple really survive without its obsessively tyrannical leader? * [hp_061206_patchApatch.jpg] BizFeed - January 13, 2009 12:43 PM Critical Fixes Released for Microsoft, Oracle Both software giants are shipping patches today essential for business security. All Blogs Featured Resources Premier Content From Our Sponsors * Windows Home Server Dell Small Business Servers Click here to see how a Dell server can help you back up your company's data and save you valuable time. * HP Ink Center HP Ink CenterYou don't need a big budget to produce high quality marketing materials. Visit the HP Ink Center for more info... Best Prices on Backup Utilities * Popular * Top User Rated * All Categories [63809773_75.jpg] Norton Ghost 14.0 (Full Product)Price: $31.99 3.47 stars [32256281_75.jpg] Norton Save + Restore 2.0Price: $25.99 4.20 stars [63670804_75.jpg] True Image 11 Home (Full Product)Price: $46.95 4.50 stars [32256281_75.jpg] Norton Save + Restore 2.0Price: $25.99 4.20 stars * Desktops * Under $500 * $500 to $1000 * $1000 to $2000 * $2000 to $3000 * Over $3000 * Notebooks * Under $500 * $500 to $1000 * $1000 to $2000 * $2000 to $3000 * Over $3000 * Monitors * 19 Inches * 20 Inches * 21 Inches and Up * Printers * Inkjet Printers * Laser Printers * Multifunction Printers * Ink & Toner * Copier & Fax Machines * Copiers * Fax Machines * Fax & Copier Supplies * Networking * Wireless Networking * Network Storage * Print Servers * Servers * Power Supplies * UPSs * Surge Suppresors * Software * Business Productivity * Operating Systems * Communications * Utilities * Cell Phones * Phones * Smartphones * Headsets * Presentation Equipment * Projectors * Screens * Presentation Tools Featured Whitepapers White papers, case studies and product info from top brands Featured Webcasts Watch webcast presentations and videos from industry thought leaders on today's most important business and technology topics. For free. * [mimosasystems_-_use.jpg] Email Archiving 101: It's Not Just about Email Anymore Type: audio Company: Mimosa Systems Categories: Servers,Storage * [ninja_serverbasedmessaging.jpg] How to Improve Message Security and Lower MS Exchange Management Costs Type: video Company: Sunbelt Software Categories: Security,Servers,Virus Protection More webcasts * IDG NETWORK: * CIO * Computerworld * CSO * GamePro * Games.net * IDG Connect * IDG World Expo * Infoworld * ITWorld Canada * JavaWorld * LinuxWorld * Macuser * Macworld * MikroDatorn * Network World * PC Advisor * PC-Welt * PC World Hungary * PC World Latin America * PC World Komputer * Playlist * tecCHANNEL * News * Reviews * How-To * Blogs * Buying Guides * White Paper Library * Webcasts * About Us * Contact Us * Advertise * Newsletters * FAQ * RSS Feeds [PCWNetwork.gif] * PCWorld * PCW Business Center * Macworld * Mac User * OSX Hints * iPhone Central Visit other IDG sites: [Select One.......] * » Terms of Service Agreement * » Privacy Policy * » Community Standards © 1998-2007, PC World Communications, Inc. Site design by Jason Brightman [forever_21_cards_compromised_in_data_thefts.html]