In our November 16, 2017 bulletin we reported that clothing retailer Forever 21 suffered a data breach. Forever 21 has since issued a press release providing additional information about the payment card security incident. Their investigation revealed that encryption technology on some point-of-sale (PoS) devices at some Forever 21 stores was not always enabled and malware designed to search for payment card data was present on some devices during various times between April 3, 2017 and November 18, 2017. Forever 21 stores also have devices that maintain logs of completed payment card transaction authorizations and it was discovered that some were being utilized by the malware during the affected time period. The NJCCIC recommends all customers who shopped at Forever 21 stores during the impacted timeframe carefully monitor their bank card statements and report fraudulent charges as soon as possible.