Forever 21

Over a period of seven months in 2018, Forever 21 experienced a significant cybersecurity incident when attackers accessed payment card data from an undisclosed number of customers. The attackers managed to penetrate the network and deploy malware designed to harvest credit card information straight from the retailer's point-of-sale (POS) system. A critical security lapse was identified as some of Forever 21's POS devices were not encrypted, which likely facilitated the breach. The exact number of impacted customers remains unclear, even years after the incident. Forever 21 faced a class-action lawsuit as a result of this breach and agreed to settle by compensating for the 'valid out-of-pocket expenses and charges that were incurred and plausibly arose' due to the breach. However, the total financial impact of this compensation has not been disclosed, leaving the full extent of the damage somewhat opaque.

Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/

"id": "for1001050624",
"linkid": "forever-21",
"type": "Breach",
"date": "05/2023",
"severity": "75",
"impact": "2",
"explanation": "Attack limited on finance or reputation"