Forever 21 -- Breached and PCI Compliant
I anticipate we will be seeing a lot more instances of merchants suffering payment card breaches while PCI compliant. The question is, will they be held liable for those breaches. An article soon on that. For now, here is an article on Forever 21, which just reported a breach involving over 98,000 card numbers. Forever 21 claims that is has been certified as PCI compliant since 2007. However, all of the incidents happened from March 2004 to August 2007. Therefore it is possible that Forever 21 was not PCI-compliant at the time of the incidents, but became so in after August 2007.