Forever 21 On the Firing Line in Latest Data Breach

November 17, 2017 By: Steven Anderson

There’s trouble for Forever 21—and for anyone who shops there—as the company recently revealed that some of its stores had been hit with a data breach. While the company didn’t note specifically which stores were impacted, it did note that the breaches hit under the same conditions: when encryption on point-of-sale devices wasn’t running.

Forever 21 started an investigation into its own processes when it got notification from a third party that there had been unauthorized access into Forever 21’s operations. The company then began an investigation into operations from October to as far back as March, and discovered that, indeed, breaches had occurred. Given that the investigation is ongoing, however, the company couldn’t make much more comment than that.

The news comes at a terrible time for Forever 21; it recently partnered with General Growth Properties, a major mall owner in the United States, to launch a new freestanding store known as Riley Rose geared specifically toward millennials. Riley Rose, according to CEO Do Won Chang, was specifically meant to be “experiential” and focus on “…accessories, cosmetics and home goods for the millennial consumer.” Ten stores were to be opened this year, and another three to follow next year.

That plan might well be hamstrung; Forever 21 taking a data breach in mid-November, with holiday shopping ready to go, is an unmitigated disaster. A 2014 study found that as many as 45 percent of shoppers would either “definitely” or “probably” avoid a regularly- visited store over the holiday shopping season that experienced a data breach. Fully 16 percent fell into the “definitely” category with the rest slightly less resolved at “probably,” but either way, this is a kick in the teeth that Forever 21 did not need.

A data breach announced just ahead of Black Friday is a calamity, especially for Forever 21, which wasn’t exactly doing all that well to begin with. This could be a disaster Forever 21 can’t recover from, but we’ve seen firms recover from data breaches before. If the company acts quickly, behaves openly, and makes proper overtures to those affected, the company may be able to walk out of this in one piece, serving as a demonstration of how important encryption at the point of sale is.