The Forever 21 data breach is worse than feared – here's what happened

It went on for months, and happened because a safety measure wasn't turned on everywhere.

What happened?

If you shopped at a Forever 21 store in 2017, there's a chance your credit/debit card information has been stolen.

The clothing retailer – which first alerted people to the possibility of a breach in November – recently offered more details about how and when it happened.

What information was taken?

In most cases, payment card data: so the card number, expiration date, and an "internal verification code, according to Forever 21.

But there were some instances that the cardholder name was scraped up by the malware as well.

Which stores were affected?

Forever 21 isn't saying, only revealing that it was across the U.S. and happened over the course of about seven months.

The timeline the retailer gives is from April 3 through Nov. 18, 2017. In some stores, the unauthorized access went on nearly that entire time; in others, it was a matter of weeks, or even just a few days.

And it was only physical shops – online purchases weren't affected.

OK, so how did this happen?

Forever 21 didn't turn on some safety measures it had. 

The company says it's used an encryption technology for payment processing systems since 2015. In October of 2017, they were alerted to possible unauthorized access to that data, so hired people to investigate.


5 things you should take away from the Explore Minnesota Facebook page hack

The investigation found that the encryption technology simply wasn't turned on at some point-of-sale devices (the thing that reads and processes your card) in an unspecified number of Forever 21 stores.

That allowed malware to be installed on some of those point-of-sale machines. That malware would search for payment card data as it was being routed through the device – usually only getting the number and expiration date, but occasionally acquiring the cardholder name too.

Is that it?

Not quite. While the encryption was off and malware was installed between early April and mid-November, credit/debit cards from earlier purchases might also be affected.

That's because Forever 21 stores have a device that logs all completed card payment authorizations. If the encryption was off, payment card data was being stored there too. 


– The Tip Jar: Should you accept Equifax's free credit lock offer?

At some of the affected stores, the malware would look at that log – and could scoop up any payment card data that was saved there, including from before April 3.

What is Forever 21 doing about it?

Forever 21 says it's sorting out the point-of-sale device and encryption issues, and working with security firms to "enhance ... security measures."

The company is also alerting card issuers, so banks know about it.

And what should I be doing?

If you shopped at Forever 21 in 2017, keep an eye on your card accounts.

If you see any charges for something you didn't buy, call your bank or card issuer ASAP. (The number is usually on the back of your card.)

You can also check out your credit reports free of charge for any unusual activity, in case another line of credit has been applied for/opened in your name).

You're entitled to one free credit report every 12 months from each of Equifax, Experian and TransUnion, which you can get from

Next Up

Kirill Kaprizov / Minnesota Wild

3 first-period goals lead Wild over Kings

With three goals in just over three minutes, the Wild sealed their fifth straight victory.

butcher and the boar

Butcher & the Boar makes comeback with new ownership

Local hospitality company Jester Concepts has bought the brand. The new location is still being determined.


Staff at Mankato Hy-Vee incorrectly diluted COVID vaccines for 62 patients

The retailer says that there is no reason for medical concern.

Screen Shot 2021-02-26 at 7.19.58 PM

Twin Cities man going to great lengths to find beloved dog, missing in northern MN

He's hoping drone operators can help him locate Rowdi, his yellow lab.

Hennepin County Government Center

Some Hennepin County Government Center services will be unavailable during Chauvin's trial

Access to the building will be limited during the trail, which begins March 8.

Street sweeper

Driver, 19, killed in collision with street sweeper

It happened Thursday evening near Thief River Falls.

famous dave's

Famous Dave's to launch its first 'line service' restaurant in the Twin Cities

The new model of restaurant will open in September in Coon Rapids.

State Capitol.

Minnesota's budget outlook improves, now projecting $1.6B surplus

The state was projecting a $1.3 billion deficit in November.


Forever 21 says it was probably hit by a data breach

If you bought something there with a card, this might affect you.

What happened to the proposal to stop internet providers selling MN customers' data?

It got a lot of support – but right now isn't included in any bill. Here's what is going on.

2 major security flaws are affecting millions of phones, computers – here's what you should do

And you probably have a device that's at risk. Here's what you should do about it.

New proposal: Internet companies should pay you if they use or sell your data

It's your data that's valuable – should you get compensated for it?

This WPA2 KRACK attack means your WiFi is not secure – even though everyone thought it was

This newly reported flaw affects basically everybody – so here's what you should do.

The Equifax data breach: What do you do next?

143 million consumers had their information compromised.

Al Franken tears into former Equifax CEO over the data breach

Franken questioned the former CEO over the massive data breach.

The Uber data breach: What you need to know

Personal information of 57 million Uber users was accessed.