Clothes large Eternally 21 stated a data breach earlier within the yr impacts greater than half 1,000,000 people.
A data breach discover filed with Maine’s legal professional normal stated the style large was hacked over a three-month interval starting early January 2023, throughout which intruders obtained recordsdata from its techniques. This knowledge included the private data of present and former workers, stated Lorena Terroba Urruchua, a spokesperson for Eternally 21 through public relations agency FTI Consulting, in an e mail to information.killnetswitch.
In response to the discover, Eternally 21 notified 539,207 those who the breached knowledge included their identify, date of start, checking account quantity and Social Safety quantity, in addition to data relating to workers’ Forever21 well being plan, together with enrollment and premiums paid.
Eternally 21 didn’t describe the incident past a breach of its techniques, however famous that, “Eternally 21 has taken steps to assist guarantee that the unauthorized third get together now not has entry to the info.” It’s not clear how Eternally 21 obtained this declare of assurance. The ambiguous wording of the discover may indicate the corporate paid the hacker in change for deleting the info.
It’s not unusual for ransomware and extortion teams to threaten to publish the info they steal if the sufferer doesn’t meet a ransom demand, however security specialists have lengthy stated it’s not attainable to belief {that a} menace actor has deleted the info as claimed.
Eternally 21 spokesperson Terroba Urruchua declined to remark additional.
Eternally 21 has about 500 retail places and an internet retailer. It’s the second data breach lately after an enormous theft of bank card numbers from its retailer point-of-sale machines in 2017.
Final week, retail large Shein and Eternally 21 introduced a partnership that will enable each manufacturers to succeed in every others’ prospects, together with a deal by Shein to accumulate a few third of Eternally 21’s operator, Sparc Group. It’s not clear if information of Eternally 21’s data breach would have an effect on the partnership.
Corrected to notice that solely present and former workers affected, not prospects.
