Forever 21 experienced a data security incident impacting a total of 539,207 people, according to documents filed with the Office of the Maine Attorney General. The data compromised included individual’s names, Social Security numbers, birth dates, bank account numbers and Forever 21 health plan information. The data breach was discovered on March 20, according to a notification letter by the company.
The retailer did not respond to Retail Dive’s questions regarding the nature of the breach.
From January 5 to March 21 this year, an unauthorized third party entered Forever 21’s systems at numerous times. Once the incident was discovered, the retailer launched an investigation with the help of cybersecurity firms. The company said it believes there is only a low risk to individuals whose personal data was involved.
The retailer has no evidence that any data was targeted or misused for fraud or identity theft. Forever 21 is offering the breach victims a complimentary 12-month membership of Experian’s IdentityWorks credit monitoring service.
“In addition, to help prevent a similar incident from occurring in the future, Forever 21 has implemented, and continues to evaluate and implement, additional measures to enhance the security of its systems and data,” Forever 21 CEO Winnie Perk said.