Fast fashion retailer Forever 21 confirmed in a statement that it is investigating a claim that it suffered a data breach at stores from March to October 2017. But the retailer should be taking the desires of its Millennial and Gen Z shopper demographic more seriously if it wants to stay in their good graces, especially as the holiday season kicks into gear.
An unnamed third party suggested that cybercriminals may have had unauthorized access to data from payment cards used at certain Forever 21 stores, according to the statement. Forever 21 immediately began an investigation of its payment card systems and engaged a security and forensics firm to assist.
Forever 21 expects to provide an additional notice as it gets further clarity on the specific stores and timeframes that may have been involved. But while the retailer was quick to get out in front of the news, it could have done a better job conveying that message to its target audience of Millennial and Gen Z shoppers, according to Matt Rizzetta, CEO of North 6th Agency (N6A), a brand communications and social media agency. Rizzetta noted that while the statement was effective on a broad label, it was too vague and didn’t showcase enough transparency and clarity into potential solutions.
Advertisement
“Example A is a statement that is generic, broad, and the goal is communicating that to a mass audience and doing enough to get the job done and conveying that the brand is on the case and taking measures,” Rizzetta said in an interview with Retail TouchPoints. “For that A situation, the statement that Forever 21 delivered would be fine. I thought it was more than adequate if they were looking at it on a broad level. Example B would be if you need to come up with a statement or any kind of communication strategy specific to Millennials and Gen Zers, it needs to be much more specific. It needs to list which cybersecurity providers they’re analyzing, and indicate that they’re auditing their vendor relationships. That B example is much more relevant and effective for an audience that wants to hear specific actionable steps for the brand they have an affinity for.”
Forever 21 noted that it implemented encryption and tokenization solutions in its POS platforms in 2015, and that only certain devices in select stores were affected when the encryption on those devices was not operating properly. Yet the company has not revealed the specifics as to how many devices and consumers are affected.
With as many as 75% of U.S. shoppers admitting that identity theft is a major concern over the holiday season, the announcement of the Forever 21 breach comes at an inopportune time.
“The holidays are here,” Rizzetta said. “If this was a situation like other mainstream retailers have dealt with data security-related issues, generally those brands had the benefit of time on their side. They could put a clear game plan in place that had a timeline they could take to get from the problem to the solution. Forever 21 doesn’t have that luxury because they’re essentially in peak season is right now. If we were Forever 21’s boardroom and we need to rebuild loyalty and trust, we would tell them to lean on the two tenants of your value proposition: driving the best product value and the best possible experiences.”
Major retailers such as CVS, The Home Depot, Kmart, Michaels, Neiman Marcus, Sally Beauty Supply, SuperValu, Staples and Target experienced significant data breaches of their own, with many of them occurring between late 2013 and early 2015. Aside from a 2017 payment breach at Whole Foods, larger breaches that make national headlines haven’t been as common since most retailers migrated to EMV chip card technology.
However, retailers should still be vigilant and continue to assess and upgrade their current payment security systems, especially in the fallout of the Equifax breach that affected 143 million consumers in the U.S., the UK and Canada.
Forever 21 advised customers to monitor their credit card statements for unauthorized charges and immediately notify their financial institution if those charges are found.
