Over a seven-month period in 2018, Forever 21 suffered a malware attack targeting their POS systems which led to the theft of payment card data of an undetermined number of customers. The fashion retailer acknowledged the lack of encryption on some POS devices, which facilitated the attack. The exact number of affected customers remains undisclosed, and the financial repercussions were not publicly shared. Nevertheless, Forever 21 settled a class-action lawsuit by agreeing to pay claims for expenses and charges arising from the incident, although the total cost of this settlement was not revealed.
Source: https://arcticwolf.com/resources/blog/10-major-retail-industry-cyber-attacks/
TPRM report: https://scoringcyber.rankiteo.com/company/forever-21
"id": "for305050624",
"linkid": "forever-21",
"type": "Breach",
"date": "07/2018",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'affected_entities': [{'industry': 'retail',
'name': 'Forever 21',
'type': 'fashion retailer'}],
'attack_vector': 'POS systems',
'data_breach': {'data_encryption': 'none on some POS devices',
'sensitivity_of_data': 'high',
'type_of_data_compromised': 'payment card data'},
'description': 'Over a seven-month period in 2018, Forever 21 suffered a '
'malware attack targeting their POS systems which led to the '
'theft of payment card data of an undetermined number of '
'customers.',
'impact': {'data_compromised': 'payment card data',
'legal_liabilities': 'class-action lawsuit',
'payment_information_risk': 'high',
'systems_affected': 'POS systems'},
'motivation': 'theft of payment card data',
'regulatory_compliance': {'legal_actions': 'class-action lawsuit'},
'title': 'Forever 21 POS Malware Attack',
'type': 'malware attack',
'vulnerability_exploited': 'lack of encryption on some POS devices'}