National Stores Discloses Data Breach

National Stores Inc., the parent company of more than 300 value stores, disclosed Jan. 22 that its computers had been the subject of a malware attack.

Michael Fallas, National Stores’ chief executive officer, said the attack gave hackers access to shoppers’ payment-card information. The attack took place between July 16 and Dec. 11, 2017.

“We have been working closely with the FBI, cyber-security experts and payment-card brands to contain the incident and protect our customers’ payment cards,” Fallas said in a statement. “The malware has been removed from our system, and no customers will be responsible for any fraudulent charges to their accounts. We are in the process of strengthening the security of our point-of-sale systems to prevent this from happening in the future.”

The affected payment-card information may have included names, payment-card numbers, expiration dates and security codes. Fallas did not disclose the number of payment cards affected.

National Stores is encouraging customers to carefully review and monitor their payment-card account statements. If a customer believes his or her payment card may have been affected, the customer should immediately contact his or her bank or card issuer.

Further information for customers can be found at the National Stores website at or by calling (833) 214-8746.

National Stores currently does business as Fallas, Fallas Paredes, Fallas Discount Stores, Factory 2-U, Anna’s Linens by Fallas and Falas (spelled with a single “l” in Puerto Rico).

National Stores is not the only big retailer to be the victim of a malware attack in the past few months. In November, fast-fashion giant Forever 21 announced that some of its point-of-sales devices were hacked when the devices’ encryption programs were not in operation.

Data breaches could potentially force heavy costs on retailers. In May 2017, Target Corp. announced an $18.5-million multistate settlement for a data breach disclosed in December 2013.

About 70 million people may have been affected, according to a statement from the major retailer.

California Attorney General Xavier Becerra said that California would receive more than $1.4 million from the settlement, which found that Target failed to provide reasonable data security.