Data Breach at Goodwill Compromises 868,000 Cards
Goodwill Industries confirmed yesterday that a data breach in 330 of its stores may have compromised an estimated 868,000 debit and credit cards.
Payment card information, such as names, payment card numbers and expiration dates, may have been compromised. However, personal information such as addresses and PIN numbers were not affected.
According to their investigation, a third-party vendor’s systems were attacked by malicious software, enabling criminals to access some payment card data of a number of the vendor’s customers. The impacted Goodwill stores used the same affected third-party vendor to process credit card payments. Goodwill is not naming the third-party vendor due to an ongoing investigation.
The investigation found no evidence of malware on any internal Goodwill systems.
“We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” Jim Gibbons, president and CEO of Goodwill Industries International, said in a statement.