Clothing retailer "Forever 21" has more than 700 stores and 30,000 employees, along with several billion dollars in annual revenue.
Over the 2017 holiday break, the company updated an earlier breach announcement where it said some POS (point-of-sale) devices had encryption turned off, allowing credit card information and sometimes customer names to be accessed by bad actors:
"The investigation also found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device. In most instances, the malware only found track data that did not have cardholder name—only card number, expiration date, and internal verification code—but occasionally the cardholder name was found," the company says in its updated statement.
Interestingly, the company issued one statement for California residents and another for the rest of us, as you'll see on the top of the breach update page.
