Los Angeles Forever 21 issued a statement on its Web site on Friday with news that its systems may have been illegally accessed to obtain customer payment-card information.
The company said it determined that the incident may have affected a subset of its customers who shopped at its stores on the following nine dates: March 25, 2004; March 26, 2004; June 23, 2004; July 2, 2004; July 3, 2004; Aug. 4, 2007; Aug. 5, 2007; Aug. 13, 2007; and Aug. 14, 2007.
In addition, the incident may have affected customers who shopped at a Fresno, Calif. store between Nov. 26, 2003 and Oct. 24, 2005, the statement said.
On Aug. 5, 2008, the U.S. Department of Justice in Boston filed indictments against three individuals alleged to have committed crimes involving credit-card fraud against 12 retailers. That morning, Forever 21 was contacted by the U.S. Secret Service and was advised that the company was identified in the indictment as one of the retail victims, the statement said.
Forever 21 subsequently received from the Secret Service a disk of potentially compromised file data. Based on that investigation, the company believes that the unauthorized persons accessed older credit- and debit-card transaction data for approximately 98,930 credit- and debit-card numbers.
Approximately 20,500 of these numbers were obtained from the Fresno store transaction data.
Forever 21 said it is working to resolve the situation.