Fashion retailer Forever 21 has confirmed and provided additional details on the payment card security breach that occurred at some of its US stores in November 2017.
An investigation carried out by the firm revealed that the encryption technology on some point-of-sale (POS) devices was not always on at certain stores.
The firm has also found some POS devices with signs of unauthorised network access and installation of malware, which was designed to search for track data read from a payment card on the devices.
The malware found card number, expiration date and internal verification code in majority of instances, while cardholder name was found occasionally, the fashion retailer said.
The malware was also installed on a log device that was used to store payment card data, when the encryption was off.
Currently, the firm is working with its payment processors, POS device provider and third-party experts to resolve the encryption issues on the POS devices at all its stores.
Forever 21 has also collaborated with security firms to boost the security measures.
While the firm has other payment processing systems in international markets, investigation is being carried out to verify if those devices were also affected.