advertisement
advertisement


Forever 21, DSW Clarify Their Data Breach Details

Written by Evan Schuman
September 15th, 2008
Two major retailers—Forever 21 and DSW—have for the first time released small details about their roles in what has become known as the TJX Breach, the worst ever recorded in credit card history.

On Friday (Sept. 12), Forever 21 issued a statement saying that the chain had been wirelessly breached repeatedly between Mar. 25, 2004, and Aug. 14, 2007, and that thieves "accessed older credit and debit card transaction data for approximately 98,930 credit and debit card numbers," including about 20,500 card numbers taken from one particular store in Fresno, Calif.

This Story Is Only Available For Premium Subscribers. Click Or Login In Below To Read The Rest Of This Story.


advertisement

One Comment | Read Forever 21, DSW Clarify Their Data Breach Details

  1. Della Lowe Says:

    They were breached “multiple times” for over three years!!! How do you spell WIPS? There is no way that anyone should be using a WLAN without having a way to understand what is in the air, who is connected to them and how to stop it. When these breaches started the wireless intrusion prevention industry was in its infancy but certainly any IT person should have been keeping up with developments and understood that once you have a WLAN you need to go beyond the security measures you have been using for your wired side network. I would be willing to bet that this is just the tip of the iceberg. Does anyone wonder just how many other companies could be out there and still not know they have a sycophant sitting on their network. Wireless security is no more an optional technology than is your front door lock or your firewall.

Leave a Reply

Readers, specifically those who want to comment on a story:
Our Comment SPAM system is getting very aggressive these days and has been blocking legitimate comments. If you post a comment and don't see it appear within 2 hours or so, can you please send a heads-up to customer-service@storefrontbacktalk.com? Ideally, please include the time you posted the comment. That will allow us to try and hunt for it. Thanks! P.S. We're working on fixing the system, but we don't want to lose any valuable comments in the meantime.

Weekly, Monthly Newsletters

Quickly catch-up on the latest in E-Commerce and Retail Tech with our free weekly report, with urgent bulletins as news merits—along with our monthlies on Mobile, Security, In-Store, E-Commerce and CRM.
advertisement

Most Recent Comments

"Careless" Systems Integrators Now Directly Under PCI DSS

This exact issue has been bothering me for years, and I was JUST talking about it with someone only yesterday. This may well be my favorite article, mostly because I'm biased and have hated this particular problem forever. Read more...
Good article, but how does this have anything to do with the DSS? Read more...
Actually, the QIR program has a lot to do with the DSS (or PCI). Since merchants rely on their reseller or integrator to implement their PA-DSS validated application, these resellers and system integrators play a critical role in merchants achieving and maintaining PCI compliance. As far as I can tell, the QIR program is designed to help merchants stay compliant by making sure their payment applications are installed according to the PA-DSS Implementation Guide, for example ensuring default passwords are changed (and protected), that the data encryption keys are properly set and secured, that the merchant's data retention policy is set, that no sensitive cardholder data are stored, and often that a firewall is in place and properly configured. Read more...
Although this is a great move forward in pushing the issue of highly trained people, it is also a good marketing ploy for the council. It begs the question: How much do they stand to make? The problem for this is that for people (like myself) that are just starting out their own business venture, PCI has typically charged a premium for their training and certifications. This change will likely force those of us with less capital to spin into the abyss. I have more than 15 years in the security and compliance fields with heavy hitter certs like CISSP, CRISC, and Sec+. There should not be a guide but a free test or a pre-requisite of either the PCI cert OR other heavy hitter certs. I just don't want the good guys in small places to get flushed out. Read more...

StorefrontBacktalk
Our apologies. Due to legal and security copyright issues, we can't facilitate the printing of Premium Content. If you absolutely need a hard copy, please contact customer service.