Forever 21 says nearly 99,000 cards compromised in data thefts

The thefts, which date back to 2004, were uncovered by the DOJ

1 2 Page 2
Page 2 of 2

Last week, one of the arrested individuals, Damon Patrick Toey, pleaded guilty to four felony charges, including wire and credit card fraud and aggravated identity theft. He faces up to five years in prison for each of the felony counts plus an additional $250,000 in fines for each count.

Court papers filed in connection with Toey's arrest and that of other individuals arrested in connection with the data thefts reveal that many of the intrusions were done by taking advantage of weak wireless security at individual retail store locations.

Such incidents highlight the growing need for retailers to implement better security controls at the store level, said Rosen Sharma, chief technology officer at Solidcore Systems Inc. a Cupertino, Calif.-based security vendor.

Until relatively recently, the PCI mandate did not require merchants to implement specific controls for protecting their store systems and networks from being tampered with or broken into, Sharma said. This has made these systems particularly attractive targets for data thieves looking for an easy entry point into a retail network. Often, retail store locations have little to no physical or virtual security controls and are manned by staff with little knowledge about computer security issues, he said.

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon