Admin

Apparel retailer Forever 21 says point-of-sale systems in some of its stores were infected by malware for up to seven months, compromising shoppers' payment card data.

On Tuesday, Forever 21 issued an update on its investigation into the "payment card security incident" that it first announced in November.

The retailer now says that an investigation conducted by a third-party incident response firm that it hired has found that malware infected some POS devices last year between April 3 and November 18, and that in some cases "encryption technology" being used by its "payment processing system" was not active, allowing malware-wielding attackers to steal payment card data that was being stored in logs of completed transactions.

Some...

Databases never lie, right? That is, unless they're infected with malware.

FireEye recently released its M-Trend reports, which looks at data breaches investigated by its Mandiant forensics arm. The report finds that breach investigations are increasingly prompting audits intended to ensure organizations are still compliant with Sarbanes-Oxley.

The law, passed in the U.S. in 2002, sought to bring more corporate transparency for investors and stronger penalties for misreporting financial data. It fundamentally changed risk management and assessment, holding top executives accountable for presenting accurate financial statements.

When the law was enacted, the state of information security was arguably a great deal less hostile than it...