最有看点的互联网金融门户

最有看点的互联网金融门户
其他国际资讯

Forever 21承认支付系统遭黑客攻击

上周四,服装零售巨头Forever 21宣布公司旗下店铺遭受黑客袭击,消费者银行支付卡信息可能遭遇泄露。据了解,本次遭受攻击的只是POS机端的支付行为和信息,Forever 21官网消费行为并未受到影响。

去年以来,包括Chipotle、GameStop、Whole Foods和Kmart在内的多家连锁企业都遭遇了数据泄露。

Forever 21在全球57个国家开设了815家店铺,其中包括英国、美国、澳大利亚、中国、印度、德国、日本和拉丁美洲多国。该公司并未对外透露受影响的具体消费者数量,仅承认这起泄露时间应该是从2017年4月3日到11月18日。据了解,Forever 21已建议消费者对自己的支付信息进行检查确认,同时Forever 21正与其支付处理平台、PoS机提供商和第三方安全专家一起携手解决这一事件,并承诺会在调查之后追究相关责任人法律责任。

Fashion retailer Forever 21 has confirmed that customers' payment card information may have been stolen over seven months this year after its point-of-sale terminals in numerous stores across the US were breached by hackers.

In an updated notification to customers, the company recently said hackers managed to install malicious software on some PoS devices at some of its stores at varying times between 3 April and 18 November.

Although Forever 21 noted that its payment processing system has been using encryption technology since 2015, an investigation found that the encryption on some PoS devices "was not always on", thereby leaving them vulnerable to hackers.

Forever 21 did not specify how many stores were affected in the attack and only said that not all terminals in every affected store were infected with malware. The company has over 815 stores in 57 countries including the US, UK, Australia, China, India, Germany, Japan and Latin America.

"Each Forever 21 store has multiple POS devices, and in most instances only one or a few of the POS devices were involved," the company said. "Additionally, Forever 21 stores have a device that keeps a log of completed payment card transaction authorisations. When encryption was off, payment card data was being stored in this log."

The company said malware was also installed on these log devices in some affected stores to steal customers' payment card data. "If encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data.

"The malware searched only for track data read from a payment card as it was being routed through the POS device," the firm added. "In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found."

Forever 21 is currently working with its payment processors, PoS device provider and third-party security experts to address encryption issues in all of its stores. The company said it is working with law enforcement in its investigation of the attack.

The news caps off the litany of cyberattacks targeting retail giants and restaurants this year including Chipotle, GameStop, Whole Foods and Kmart among others.

"Forever 21 stores outside of the US have different payment processing systems, and our investigation is ongoing to determine if any of these stores are involved," the company said, noting that payment cards used on Forever 21's website were not affected in the breach.

"We regret this incident occurred and any concern this may have caused you," the firm said.

Customers have been advised to review their payment card statements for any suspicious unauthorised activity. IBTimes UK has reached out to Forever 21 for comment.


用微信扫描可以分享至好友和朋友圈

扫描二维码或搜索微信号“iweiyangx”
关注未央网官方微信公众号,获取互联网金融领域前沿资讯。

发表评论

发表评论

您的评论提交后会进行审核,审核通过的留言会展示在下方留言区域,请耐心等待。

评论

您的个人信息不会被公开,请放心填写! 标记为的是必填项

取消

软银开发P2P区块链全球支付平台 已完成概念验证

高旭 | FINEXTRA 09-14

保护消费者知情权,FCA发布银行安全事件应急汇报新规

PP 08-21

数字支付平台Zelle计划进军小企业用户市场

高旭 | PYMNTS 08-17

全球支付网络服务平台Flywire获1亿美元融资

高旭 | FINEXTRA 07-27

软银计划年底在日本推出支付业务

Saritha Ra... | BLOOMBERG 07-23

版权所有 © 清华大学五道口金融学院互联网金融实验室 | 京ICP备17044750号-1