最有看点的互联网金融门户

最有看点的互联网金融门户
其他国际资讯

Forever 21承认支付系统遭黑客攻击

上周四,服装零售巨头Forever 21宣布公司旗下店铺遭受黑客袭击,消费者银行支付卡信息可能遭遇泄露。据了解,本次遭受攻击的只是POS机端的支付行为和信息,Forever 21官网消费行为并未受到影响。

去年以来,包括Chipotle、GameStop、Whole Foods和Kmart在内的多家连锁企业都遭遇了数据泄露。

Forever 21在全球57个国家开设了815家店铺,其中包括英国、美国、澳大利亚、中国、印度、德国、日本和拉丁美洲多国。该公司并未对外透露受影响的具体消费者数量,仅承认这起泄露时间应该是从2017年4月3日到11月18日。据了解,Forever 21已建议消费者对自己的支付信息进行检查确认,同时Forever 21正与其支付处理平台、PoS机提供商和第三方安全专家一起携手解决这一事件,并承诺会在调查之后追究相关责任人法律责任。

Fashion retailer Forever 21 has confirmed that customers' payment card information may have been stolen over seven months this year after its point-of-sale terminals in numerous stores across the US were breached by hackers.

In an updated notification to customers, the company recently said hackers managed to install malicious software on some PoS devices at some of its stores at varying times between 3 April and 18 November.

Although Forever 21 noted that its payment processing system has been using encryption technology since 2015, an investigation found that the encryption on some PoS devices "was not always on", thereby leaving them vulnerable to hackers.

Forever 21 did not specify how many stores were affected in the attack and only said that not all terminals in every affected store were infected with malware. The company has over 815 stores in 57 countries including the US, UK, Australia, China, India, Germany, Japan and Latin America.

"Each Forever 21 store has multiple POS devices, and in most instances only one or a few of the POS devices were involved," the company said. "Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorisations. When encryption was off, payment card data was being stored in this log."

The company said malware was also installed on these log devices in some affected stores to steal customers' payment card data. "If encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data.

"The malware searched only for track data read from a payment card as it was being routed through the POS device," the firm added. "In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found."

Forever 21 is currently working with its payment processors, PoS device provider and third-party security experts to address encryption issues in all of its stores. The company said it is working with law enforcement in its investigation of the attack.

The news caps off the litany of cyberattacks targeting retail giants and restaurants this year including Chipotle, GameStop, Whole Foods and Kmart among others.

"Forever 21 stores outside of the US have different payment processing systems, and our investigation is ongoing to determine if any of these stores are involved," the company said, noting that payment cards used on Forever 21's website were not affected in the breach.

"We regret this incident occurred and any concern this may have caused you," the firm said.

Customers have been advised to review their payment card statements for any suspicious unauthorised activity. IBTimes UK has reached out to Forever 21 for comment.


用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

抛弃PayPal,eBay搭上荷兰新支付创企

吕林倩 02-07

多伦多将探讨是否允许公民用加密币支付账单

火币区块链研究中心 01-31

Stripe宣布停止接受比特币支付

高旭 | PYMNTS 01-24

被比作“早期亚马逊或谷歌”,支付平台Square股价大涨

常笑 01-23

不用流量就能看新闻、转账、发消息?这家公司说可以

吕林倩 01-22

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1