We’ve all done it. We’ve slunk into a Forever 21 store in our local mall, rifled through the endless, unorganized stacks of sequin-ed, flimsy clothing hoping to strike retail gold. We’ve rationalized buying that $6 shirt, justifying to ourselves that even if it falls apart tomorrow (which it absolutely will), it’s fine because we didn’t spend that much on it to begin with. Right?

Turns out, it may have cost some folks a lot more than that. The popular clothing retailer disclosed last week that hackers gained access to credit card information of customers who shopped on specific dates between 2004 and 2007.

The company hasn’t revealed the number of customers who had their information swiped (so to speak), but it did say that various point of sales (POS) terminals were affected between April 3 and November 18, 2017. The hackers didn’t mess around, collecting credit card numbers, expiration dates, verification codes and in some occasions, cardholder names.

How did this happen? Unfortunately, there’s a pretty simple answer – the company failed to turn on encryption in some of its POS terminals. Mind-blowing.

“With its endless POS endpoints, the retail industry has always been a desirable target for cybercriminals,” says Mark Cline, a VP at managed security services firm Netsurion. “They know that if they can introduce malware into POS networks, they can make a decent amount of cash by selling credit card numbers on the dark web. With their millions of customers, large retailers, like Forever 21, have typically been the hardest hit.” Yeah, especially if you don’t encrypt your POS systems…

Cline goes on to say that companies must pay up to $172 per stolen record in clean-up costs. A major retailer just paid $18.5 million to address the impact of its 2013 hack, which resulted in 41 million stolen credit cards.

Many companies still think anti-virus software and managed firewalls are enough. Perhaps it was that way years ago, but partners specializing in the retail world know that to properly protect a company from POS malware, ransomware and other threats, retail businesses must run a strong offense with active monitoring and threat detection. They must harden their IT and POS security.

Considering the threat landscape now, retailers need tools and the knowhow to harden their  security stance and protect their infrastructure from POS malware and ransomware. As providers, you can offer a Security Operations Center (SOC), around-the-clock monitoring, evaluation, and response of all security alerts. You can also evaluate the universe of threats retailers face, triage, and escalate resources to deal with critical threats on an ongoing basis.

Here are a few good rules of thumb from Cline to pass along to customers:

Forever 21 sent notification letters to the customers who were affected and contacted the three major credit reporting bureaus.