Credential theft

Forever 21 POS Malware Breach (7-Month Encryption Failure)

📅 2017-04-03 🦠 POS malware
Primary Source ↗

Incident Details

Between approximately April 3 and November 18, 2017 (about 7 months), POS malware infected Forever 21 retail store locations in the United States. Forever 21 issued an initial public notice in November 2017 after receiving a tip from a third party; detailed investigation findings were shared in January 2018. The breach was compounded by a significant security failure: Forever 21 had implemented point-to-point encryption (P2PE) for its payment terminals, but the encryption was not operating correctly or had been disabled at some locations, which allowed the malware to capture payment card data in plaintext. At some locations the malware was active for the full 7 months; at others it was active for only days or weeks. The malware both intercepted live transaction data and, on some devices, accessed stored logs of completed transactions. Exposed data included card numbers, expiration dates, CVVs, and in some cases cardholder names. Only in-store transactions were affected; e-commerce was unaffected. Note: Forever 21 suffered a separate, unrelated data breach in 2023 affecting employee data via a ransomware attack; that incident is documented separately in this repository.

Technical Details

Initial Attack Vector
POS malware exploiting disabled or non-functioning point-to-point encryption (P2PE) on Forever 21 payment terminals. The malware captured plaintext card data at terminals where encryption was not active, and on some POS devices also read logs of completed transactions that were stored locally.
Malware Family
POS malware
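As an added defender's check, not part of the original incident record: the failure mode above (P2PE deployed but not operating at some terminals) can be surfaced by auditing what the POS actually stored, since a working P2PE path never leaves a plaintext PAN on the device. The log format, terminal ids and card numbers below are constructed test data; the Luhn filter keeps opaque tokens and random digit runs from being reported.

```python
import re
from collections import defaultdict

# Constructed sample log lines in a hypothetical POS format: a terminal id and
# the payment field as the device stored it. Correctly encrypted entries carry
# an opaque "ENC:" token; a plaintext PAN means the P2PE path is not working.
SAMPLE_LOG = """\
2017-06-01T12:04:11 term=STORE0142-POS1 pan=4111111111111111 exp=0920 amt=49.99
2017-06-01T12:05:40 term=STORE0142-POS2 pan=ENC:9f2c...b17d exp=ENC:... amt=19.50
2017-06-01T12:07:02 term=STORE0142-POS1 pan=5555555555554444 exp=1121 amt=12.00
2017-06-01T12:09:55 term=STORE0303-POS1 pan=ENC:41aa...c0e3 exp=ENC:... amt=88.10
2017-06-01T12:11:13 term=STORE0303-POS1 pan=4111111111111112 exp=0122 amt=5.00
"""

PAN_RE = re.compile(r"\bpan=(\d{13,19})\b")   # 13-19 digit run in the pan field
TERM_RE = re.compile(r"\bterm=(\S+)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check-digit test."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_plaintext_pans(log_text: str) -> dict:
    """Map terminal id -> number of log lines holding a Luhn-valid plaintext PAN."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        m = PAN_RE.search(line)
        if not m or not luhn_ok(m.group(1)):
            continue            # encrypted token, or digits that are not a card number
        t = TERM_RE.search(line)
        hits[t.group(1) if t else "unknown"] += 1
    return dict(hits)


def terminals_needing_review(log_text: str) -> list:
    """Terminals whose stored logs show encryption is not active; pull them from service."""
    return sorted(find_plaintext_pans(log_text))


if __name__ == "__main__":
    print(find_plaintext_pans(SAMPLE_LOG))        # {'STORE0142-POS1': 2}
```

Run against real POS exports the same way; any terminal in the result has been writing cleartext card data regardless of what the P2PE configuration claims.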

Timeline

  1. 2017-04-03 Breach occurred
  2. 2017-11-14 Publicly disclosed
  3. 2018-01-01 Customers notified