Fast fashion retailer Forever 21 has warned customers of a data breach that gave unauthorised access to credit card data.
A third-party source warned the retailer earlier this week that, in some instances, the encryption used to hide credit card details was not working.
It suggested that card details from transactions made between March and October this year had been subject to unauthorised access.
The breach was reportedly limited to specific point-of-sale devices in certain stores, but the retailer, which operates over 800 stores in nearly 60 countries, had not disclosed which stores were affected.
It is not yet clear how many customers were potentially affected and the investigation is ongoing.
“Details on the attack are still patchy, but we know that the breach took place when encryption wasn’t applied to Forever 21’s point-of-sale systems,” cyber security firm Venafi’s Craig Stewart said.
“The next step should be making sure encryption is implemented across the entire organisation and, crucially, that once this is done IT retains control and visibility over all of the machine identities that are in use.
“Anything less is just re-arranging deck-chairs on the Titanic as hackers will just shift their focus and attack through encrypted traffic instead.”