We review vendors based on rigorous testing and research but also take into account your feedback and our affiliate commission with providers. Some providers are owned by our parent company.
Learn more
vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.
Advertising Disclosure

vpnMentor was established in 2014 to review VPN services and cover privacy-related stories. Today, our team of hundreds of cybersecurity researchers, writers, and editors continues to help readers fight for their online freedom in partnership with Kape Technologies PLC, which also owns the following products: ExpressVPN, CyberGhost, and Private Internet Access which may be ranked and reviewed on this website. The reviews published on vpnMentor are believed to be accurate as of the date of each article, and written according to our strict reviewing standards that prioritize professional and honest examination of the reviewer, taking into account the technical capabilities and qualities of the product together with its commercial value for users. The rankings and reviews we publish may also take into consideration the common ownership mentioned above, and affiliate commissions we earn for purchases through links on our website. We do not review all VPN providers and information is believed to be accurate as of the date of each article.

500k Employees’ Data Exposed in Forever 21 Breach

500k Employees’ Data Exposed in Forever 21 Breach
Author Image Keira Waddell
Keira Waddell Published on 6th September 2023 Senior Writer

Clothing retailer Forever 21 disclosed a data breach that has affected the personal information of over 500,000 individuals. The breach came to light when Forever 21 detected a cyberattack on March 20th, 2023, prompting an immediate investigation. The findings revealed that hackers had intermittently gained access to the company's systems between January 5th, 2023, and March 21st, 2023, allowing them to pilfer sensitive data.

In a notice filed with Maine’s attorney general, the company stated that 539,207 people were affected by the breach. The data encompassed a range of personal information, including full names, Social Security Numbers, birthdates, bank account numbers, and details related to Forever 21's Health Plan. This comprehensive data can be leveraged by cybercriminals for various malicious purposes, including identity theft and financial fraud.

The breach exclusively affected current and former Forever 21 employees, and the company was quick to clarify to BleepingComputer that customer data remained unaffected. It operates a vast network of 540 outlets worldwide and employs approximately 43,000 people.

Forever 21 has asserted that they've taken steps to ensure the deletion of the stolen data, suggesting possible communication with the hacker and a possible ransom payment. However, there has been no official confirmation regarding whether this incident was a ransomware attack. Furthermore, Forever 21 stated that they have no indication that the stolen data has been shared with other cybercriminals.

To assist those impacted by the breach, the company has promised to offer access to a 12-month fraud and identity theft protection service free of charge. This can help those affected mitigate the potential risks arising from the exposure of their sensitive personal data.

Forever 21 has had its share of data breach incidents in the past, with an incident in November 2017, in which customers were notified of a breach involving its payment system. In that incident, card data from transactions made between March and October 2017 was compromised.

This incident serves as a reminder of the evolving and persistent nature of cyber threats. Companies of all sizes and industries must remain vigilant and invest in robust cybersecurity measures to protect their systems and data.

About the Author

Keira is an experienced cybersecurity and tech writer dedicated to providing comprehensive insights on VPNs, online privacy, and internet censorship.