Forever 21, the teen-focused (or wanna-be-a-teen-focused) clothing chain, has revealed that the credit card numbers accessed in a massive data breach in January of this year actually dated all the way back to 2003 in some cases.
According to Evan Schuman’s StorefrontBacktalk, “the almost 100,000 credit and debit cards accessed from the chain in a breach included transactions from 2003 through 2005, which was stored on a corporate data center, apparently in violation of PCI rules.”
Other stores involved in the same data breach (TJ Maxx and Sports Authority among them) had data stolen via “wardriving,” ie, the thieves hacked into point of sale data through stores’ unprotected wireless Internet. Forever 21, on the other hand, reported that their data was taken directly from a corporate data center.
Also weird: all the data from 2003-2005 seems to have come from a single store in Fresno, CA.
This makes me curious about whether it was really the same hackers — why would they take one tactic with nearly a dozen other stores, and this with another? Any experts out there care to venture a guess on this?
