Thursday, October 02, 2008

Forever 21: PCI Auditor Missed 5-Year-Old Transaction Data

Evan Schuman writes on StorefrontBacktalk:

As more details drip out from Forever 21's data breach of almost 100,000 payment cards, the chain now says it had been certified PCI compliant, despite having stored complete card information from as far back as 2003.

"The files were inadvertently retained within other data files and this was not uncovered by the assessor," a statement from the chain said. (Our story from last week has been updated with the new information, along with a link to the earlier report of the breach.)

This is proving to be a frightening trend, with retailers believing they are compliant and much later on discovering various pockets of forbidden data scattered through their network.

More here.


Post a Comment

<< Home