Over 500,000 individuals have been affected by a data breach at Forever 21, a popular US-based fast fashion retailer. The breach was first discovered in March and subsequent investigations revealed that the attackers had gained access to Forever 21’s networks as early as January. The compromised data includes personal information such as employees’ full names, Social Security numbers, dates of birth, bank account numbers, and company health plan information. Forever 21 has reassured its customers that no customer data was exposed during the breach and that steps have been taken to prevent unauthorized access to the data.
It is unclear whether the attack involved ransomware. However, TechCrunch speculates that the language used by Forever 21 in their statement may suggest that the company is in negotiation talks with a ransomware attacker. This marks the second data breach for Forever 21 in recent years, after customer credit card numbers were stolen by hackers in 2017 from store point-of-sale machines.
Tyler Farrar, the Chief Information Security Officer at Exabeam, offered some insight into the Forever 21 data breach. He explained that one of the critical areas that often goes unnoticed in cybersecurity is initial access brokers. These are individuals or groups that sell credentials in the criminal marketplace, enabling other adversaries to cause further damage for a company. Farrar believes that this was likely the case with Forever 21, as the breach went undetected for a significant period of time. To prevent similar attacks, organizations need to focus on controlling access points and reducing dwell time. Monitoring user behavior and preventing compromised credentials incidents can help organizations react in real-time and protect user accounts.
In another incident, Continental Casualty Company, an insurance company based in Illinois, fell victim to a third-party data breach related to the popular file transfer app MOVEit. The breach occurred when an intruder gained access to Continental’s MOVEit server over two days in May. The hacker was able to download sensitive customer data during this time, including Social Security numbers. It is important to note that Continental’s systems were never directly breached. The breach was instead facilitated through a third party, as the attacker exploited vulnerabilities in the MOVEit app.
Pension Benefit Information (PBI), a provider of audit and address research services for Continental, discovered the breach and has since sent data breach letters to the impacted individuals on behalf of Continental. While Continental’s systems remain secure, the breach highlights the importance of closely vetting and securing third-party services to prevent unauthorized access to sensitive data.
As data breaches continue to pose a significant threat to individuals and organizations alike, it is crucial for companies to implement robust security measures and stay vigilant against emerging cyber threats. Proactive monitoring, access control, and regular vulnerability assessments can help mitigate risks and protect sensitive data from falling into the wrong hands.