Forever 21 Point Of Sale (POS) Malware Breach

Executive Summary

In pursuit of success, businesses rely on information technology such as Point-of-Sale (POS) systems, which let them monitor important data instantly. However, POS systems have been targeted by hackers, resulting in data breaches. Starting on 3rd April 2017, some Forever 21 retail stores experienced a POS breach that lasted about seven months and exposed their shoppers’ payment card data to unauthorized retrieval. This report investigates what led to the POS breach, presents the findings, and offers a conclusion and recommendations to solve this issue. The findings show that in some instances Forever 21 failed to keep the encryption of its POS systems active. Because the security parameters on these POS systems were malfunctioning, the systems were prone to attack by hackers, who managed to breach the POS system and successfully retrieve shoppers’ payment details. It was therefore concluded that, given the emerging trends in attacks from hackers, Forever 21 became a victim of this data breach through negligence: it failed to take safety precautions by ensuring that encryption of its POS systems was always active and by keeping its antivirus and internet security software updated. To mitigate these issues, it is recommended that the company use strong, hard-to-bypass passwords, ensure that its POS systems always remain encrypted, improve its security and safety assessment strategies, and restrict access to the POS systems to the administrator only.


Information technology is widely used in business because of its benefits. Information technologies such as the Point-of-Sale system have been adopted by many businesses, enabling them to monitor important data instantly upon making a sale (Gomzin, 2014). However, challenges have arisen from Point-of-Sale (POS) malware attacks, which result in payment card theft by hackers. Even though such attacks have reached an alarming rate over the past years, not much has been done to curb the issue, and more businesses are becoming victims. Cybercriminals have adopted different strategic tactics, which made way for the big breach of Forever 21’s POS system (“Forever 21 Suffered 7-Month POS Malware Attack,” n.d.). Forever 21 is a company that specializes in the sale of men’s and women’s clothes and accessories; its main target customers are teenage girls and young ladies, and it operates approximately 400 retail stores worldwide. The company’s POS systems were infected by the malware in a number of its stores for about 7 months, from 3rd April to 18th November 2017, resulting in the theft of its shoppers’ payment card details. Forever 21’s stores are located in various countries, including Singapore, South Korea, the United Kingdom, Canada, Japan, and Ireland (“Forever 21 Says POS Systems Exposed Customer Data for 8 Months,” 2018). Payment card data was accessed without authorization and stolen, which called for an investigation. This is therefore a detailed report on the findings of the Forever 21 POS system breach, with a comprehensive conclusion and recommendations.


A major finding was that Forever 21 encountered a POS malware breach that enabled unauthorized hackers to access payment card information that had been used in some of its stores from 3rd April to 18th November 2017. The company deals in the sale of men’s and women’s clothes and related accessories, with its main target customers being teenage girls and young ladies, and operates approximately 400 retail stores worldwide (“Forever 21 Suffered 7-Month POS Malware Attack,” n.d.). However, it was noted that in some instances Forever 21 failed to keep the encryption of its POS systems active. Because the security parameters on these POS systems were malfunctioning, the systems were prone to attack by hackers, who managed to breach the POS system and successfully retrieve shoppers’ payment details. The company failed to carry out regular security assessments that would have identified malicious activity like this, and so it was successfully attacked by cybercriminals. Apart from this, it was identified that in 2015 the company had installed encryption and a token-authentication system meant to protect all data transacted through the POS systems in its various stores (“Forever 21 Says POS Systems Exposed Customer Data for 8 Months,” 2018). However, the dysfunction of the security parameters in some of its POS systems enabled cybercriminals to breach the POS system and successfully retrieve shoppers’ payment details.

It was also identified that, among the affected stores, some POS breaches lasted for 7 months while others lasted only a few days or a few weeks. The cybercriminals managed to steal payment card details from United States customers who paid through the attacked POS systems (“Forever 21 Says POS Systems Exposed Customer Data for 8 Months,” 2018). In some instances, the company’s system stored records of completed transactions that included payment card data, which the cybercriminals managed to retrieve.

From the investigation, it was noted that Forever 21 occasionally failed to keep encryption of its POS systems active. Indicators of illegal network access were identified, and unauthorized malware designed to search for payment card data was found installed on some POS systems, a result of weak passwords that the attackers easily bypassed. Specifically, the malware planted in Forever 21’s POS systems searched only for payment cards (“Forever 21 Suffered 7-Month POS Malware Attack,” n.d.). Nonetheless, this malware was determined to have retrieved shoppers’ payment card details: expiration dates, names, and internal authentication codes.

Moreover, none of the payment cards that had been used on the Forever 21 website were retrieved during this hack. In some instances, however, the attackers took a strategic step by infecting devices that stored log data with malware, since this helped them find logs; because encryption was not activated before or after 3rd April 2017, it was possible and easy to access the data (Master, Bambos, & 2017 International Conference on Computing, 2017). Ultimately, it was noted that the POS system breach of payment card data was facilitated by the ease of obtaining card-scraping malware from secret forums for cybercriminals and by the poor security assessment of Forever 21’s POS systems.


Tackling POS breaches in cyberspace is an uphill task. There has been a tremendous increase in data leaks from POS breaches as attackers adopt different tactical strategies to gain access to systems and retrieve data. It is evident that Forever 21 occasionally failed to carry out the most fundamental security measures, such as ensuring that antivirus software is always updated or providing regular training for staff on ways to identify indicators of attack. Moreover, Forever 21 was negligent in failing to make sure that its POS systems were always encrypted. It is therefore important for Forever 21 to identify and assess the weaknesses in its entire system, strategies, and legislation, and to seek a solution to its POS system breach. Understanding the risks it is confronted with is the most appropriate way to mitigate them.


As a solution to this issue, it is recommended that Forever 21 minimize dwell time, the duration between the time of infection and discovery. Because Forever 21 depends greatly on POS systems to transact payments, it needs to control and minimize dwell time in order to protect its shoppers’ data efficiently and manage risk. Since dwell time is the grace period in which hackers can steal payment card data, which they can then misuse by selling it on the dark web, it is important for the company to stay alert and ensure dwell time is minimized. An organization that limits dwell time to 30 days reduces the business effect by 23% (“Point of Sale Cyber Crime,” 2015). Therefore, Forever 21 should consider limiting the dwell time of malware to 1 day to gain a 96% reduction in impact on its business.

Forever 21 should also adopt effective measures to fight malware that sits unrecognized in the POS system by keeping up regular safety checks and security assessments. If it fails to do so, it will put shoppers’ data, the company’s reputation, and its profits at stake by exposing them to hackers.

It is advisable for the company to have strong passwords. For instance, in a push for stronger passwords, PCI DSS has added requirements that call for the use of strong passwords (Chishti & Barberis, 2016). It is therefore mandatory for Forever 21 to change any weak passwords or the current POS administrative details. Bypassing weak passwords is easy and fast for cyber-attackers. It is therefore important for the organization to introduce an enforceable policy on strong passwords that requires two-factor authentication and ensures passwords are changed frequently, especially for the POS administrators’ accounts.

Forever 21 should always know who has authorized access to POS service accounts to carry out maintenance. Access to the POS system should be restricted to administrators and granted to only a few authorized individuals within the company. The company should also remain vigilant by monitoring the POS system for suspicious activities such as multiple failed logins. Moreover, any suspicious activity should be thoroughly investigated.
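One way to implement the failed-login monitoring recommended above, as an added example that is not part of the original report: a sliding-window detector that flags a burst of failures on a POS account and, separately, a successful login that follows such a burst. The log format, terminal and account names, and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def parse(line):
    # Assumed format: "<ISO time> <terminal> <account> <LOGIN_OK|LOGIN_FAIL>"
    ts, terminal, account, outcome = line.split()
    return datetime.fromisoformat(ts), terminal, account, outcome

def detect(lines, threshold=3, window=timedelta(minutes=5)):
    """Return (terminal, account, reason) alerts for bursts of failed logins."""
    fails = defaultdict(deque)   # (terminal, account) -> recent failure times
    alerts = []
    for ts, terminal, account, outcome in sorted(map(parse, lines)):
        q = fails[(terminal, account)]
        while q and ts - q[0] > window:      # drop failures outside the window
            q.popleft()
        if outcome == "LOGIN_FAIL":
            q.append(ts)
            if len(q) == threshold:          # alert once when the burst forms
                alerts.append((terminal, account, "failed-login burst"))
        else:
            if len(q) >= threshold:          # success right after a burst:
                alerts.append((terminal, account, "success after burst"))
            q.clear()                        # a success resets the counter
    return alerts

# Constructed sample events (hypothetical terminals and accounts).
SAMPLE_EVENTS = [
    "2017-04-03T01:00:00 POS-021 svc_maint LOGIN_FAIL",
    "2017-04-03T02:10:00 POS-017 admin LOGIN_FAIL",
    "2017-04-03T02:10:20 POS-017 admin LOGIN_FAIL",
    "2017-04-03T02:10:45 POS-017 admin LOGIN_FAIL",
    "2017-04-03T02:12:05 POS-017 admin LOGIN_OK",
    "2017-04-03T03:00:00 POS-021 svc_maint LOGIN_FAIL",
    "2017-04-03T05:00:00 POS-021 svc_maint LOGIN_FAIL",
    "2017-04-03T09:00:00 POS-003 cashier7 LOGIN_FAIL",
    "2017-04-03T09:00:30 POS-003 cashier7 LOGIN_OK",
]

if __name__ == "__main__":
    for terminal, account, reason in detect(SAMPLE_EVENTS):
        print(f"{terminal} {account}: {reason}")
```

The "success after burst" alert is the one to investigate first, since it is consistent with a weak administrator password having been guessed.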

PCI compliance certification is not enough to mitigate security risks. An effective mitigation measure against cyber-attacks is to enhance security policies and risk assessment strategies beyond compliance requirements. The use of PCI DSS is advisable as a security parameter (Nanda, Popat, & Vimalkumar, 2018). If any security issues are identified, it is important that immediate action is taken to fix them.

Forever 21 should ensure that its POS system is always encrypted, which will help prevent further data breaches. Encrypted POS systems help prevent cyber-attacks since all their passwords are encrypted in the POS servers.

By taking these recommendations into consideration, Forever 21 can be assured that the chances of experiencing cyber-attacks will be minimal. To advance the scope of protection, the organization should consider using advanced and secure POS systems. Investing in a trustworthy and secure POS system is advantageous to the company, as it will earn a good reputation and large profits. In essence, having security issues off the organization’s priority list enables it to focus on building its reputation and success.