Paramount, Forever 21 Data Breaches Set Stage for Follow-on Attacks

The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.

photo of the inside of Forever 21 shopping center in Times square New York city
Source: Sam Dao via Alamy Stock Photo

A pair of breaches have hit media giant Paramount Global and fashion purveyor Forever 21, exposing personally identifiable information for thousands of people in the latter's case and setting them up for a raft of follow-on attacks.

In Paramount's case, the Hollywood bigwig disclosed in a data breach notification letter obtained by media that cyberattackers accessed PII for certain individuals for a month, between May and June of this year. The data included names, birthdates, Social Security numbers, driver's license numbers, passport numbers, and "information related to [the individual's] relationship with Paramount." 

It's unclear if the data pertains to website members, employees, customers, or other profiles — or how many are affected. The data breach notification letter, penned by an operations executive at Nickelodeon Animation Studio, did not elaborate.

Meanwhile, Forever 21 said in a data breach notification that hackers accessed PII belonging to 539,000 current and former employees, including names, Social Security numbers, birthdates, and bank account numbers. The letter also said that "information regarding your Forever21 health plan" was accessed, including "enrollment and premiums paid."

The retailer discovered the intrusion on August 4, but the unauthorized access took place between Jan. 5 and March 21.

Precursors for More Cyberattacks

While stolen PII, especially Social Security numbers, can be used to carry out identity theft and a host of other fraud, more personalized information, such as the data on the Forever 21 health plans and descriptions of victims' relationship to Paramount, could be used to mount convincing follow-on phishing attacks aimed at capturing even more lucrative data from victims. To boot, even the initial cache of stolen info could lead to account takeovers. Thus, impacted individuals should be on the lookout for a range of attack methods.

"This is a significant number of records that contain very sensitive information that have been potentially compromised," said Erich Kron, security awareness advocate at cybersecurity company KnowBe4, via email. "The data could easily be bundled and sold on the Dark Web and not used for months or even years. Information such as a Social Security number does not expire and can be useful for attackers for decades."

It's unclear what security holes led to the cyber intrusions and which systems were accessed in these cases, but the breaches are a good reminder to companies that hold PII to lock down obvious avenues of attack by patching vulnerabilities, ensuring cloud instances are not misconfigured for open access, and hardening authentication methods for databases and servers that house PII.

"Data breaches, while detrimental to the organization breached, have severe repercussions for companies who encounter fraudsters leveraging the stolen data," says Stuart Wells, CTO at Jumio. "This underscores the necessity for robust identity verification measures across all organizations — companies must establish every user's true identity to ensure that the user accessing an account is not a fraudster."

About the Author(s)

Tara Seals, Managing Editor, News, Dark Reading

Tara Seals has 20+ years of experience as a journalist, analyst and editor in the cybersecurity, communications and technology space. Prior to Dark Reading, Tara was Editor in Chief at Threatpost, and prior to that, the North American news lead for Infosecurity Magazine. She also spent 13 years working for Informa (formerly Virgo Publishing), as executive editor and editor-in-chief at publications focused on both the service provider and the enterprise arenas. A Texas native, she holds a B.A. from Columbia University, lives in Western Massachusetts with her family and is on a never-ending quest for good Mexican food in the Northeast.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights