Fast-fashion retailer Forever 21 Inc. is not starting the new year with a cheer, as the company confirmed in the closing days 2017 that it had its retail point-of-sale terminals hacked and customer data stolen.

The hack was disclosed in November and occurred because Forever 21 failed to encrypt its POS terminals. Forever 21 didn’t specify how many customers had data stolen, but it did say in a press release that data was accessed between April 3 and Nov. 18 and that the hackers had managed to obtain data including credit card numbers, expiration dates, confirmation codes and in some cases cardholder names.

Although it didn’t specify the why, the company did disclose that encryption is usually used by its stores to protect its payment processing system. But in this case, some stores didn’t. “In a group of stores that were involved in this incident, malware was installed on the log devices that was capable of finding payment card data from the logs, so if encryption was off on a POS device prior to April 3, 2017 and that data was still present in the log file at one of these stores, the malware could have found that data,” the company noted.

Forever 21 went on to say that it had been working with its payment processors, POS device provider and third-party experts to address the failure in not encrypting customer data. The company added that it affected stores only within the United States and not its international operations.

The likely last hacking story for 2017 rounds out a year in which hacking POS systems became somewhat mainstream. The now Amazon.com Inc.-owned Whole Foods disclosed in September that its cash registers had been hacked after malware was detected within the company’s system. Chipotle Mexican Grill Inc., The Wendy’s Co. and Sonic Corp. also experienced similar hacks.

Photo: Raysonho/Wikimedia Commons