Paramount, Forever 21 Data Breaches Set Stage for Follow-on Attacks

The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted.

A pair of breaches have hit media giant Paramount Global and fashion purveyor Forever 21, exposing personally identifiable information for thousands of people in the latters case and setting them up for a raft of follow-on attacks.
In Paramounts case, the Hollywood bigwig disclosed in a
data breach notification letter
obtained by media that cyberattackers accessed PII for certain individuals for a month, between May and June of this year. The data included names, birthdates, Social Security numbers, drivers license numbers, passport numbers, and information related to [the individuals] relationship with Paramount.
Its unclear if the data pertains to website members, employees, customers, or other profiles — or how many are affected. The data breach notification letter, penned by an operations executive at Nickelodeon Animation Studio, did not elaborate.
Meanwhile,
Forever 21
said in a
data breach notification
that hackers accessed PII belonging to 539,000 current and former employees, including names, Social Security numbers, birthdates, and bank account numbers. The letter also said that information regarding your Forever21 health plan was accessed, including enrollment and premiums paid.
The retailer discovered the intrusion on August 4, but the unauthorized access took place between Jan. 5 and March 21.
While stolen PII, especially Social Security numbers, can be used to
carry out identity theft
and a host of other fraud, more personalized information, such as the data on the Forever 21 health plans and descriptions of victims relationship to Paramount, could be used to mount convincing follow-on phishing attacks aimed at capturing even more lucrative data from victims. To boot, even the initial cache of
stolen info could lead to account takeovers
. Thus, impacted individuals should be on the lookout for a range of attack methods.
This is a significant number of records that contain very sensitive information that have been potentially compromised, said Erich Kron, security awareness advocate at cybersecurity company KnowBe4, via email. The data could easily be bundled and sold on the Dark Web and not used for months or even years. Information such as a Social Security number does not expire and can be useful for attackers for decades.
Its unclear what security holes led to the cyber intrusions and which systems were accessed in these cases, but the breaches are a good reminder to companies that hold PII to lock down obvious avenues of attack by patching vulnerabilities, ensuring
cloud instances are not misconfigured
for open access, and
hardening authentication methods
for databases and servers that house PII.
Data breaches, while detrimental to the organization breached, have severe repercussions for companies who encounter fraudsters leveraging the stolen data, says Stuart Wells, CTO at Jumio. This underscores the necessity for robust identity verification measures across all organizations — companies must establish every users true identity to ensure that the user accessing an account is not a fraudster.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Paramount, Forever 21 Data Breaches Set Stage for Follow-on Attacks