Data Breach at Goodwill Compromises 868,000 Cards

September 4, 2014, Written By John H. Oldshue
Goodwill Store Exterior Sign

Goodwill Industries confirmed yesterday that a data breach in 330 of its stores may have compromised an estimated 868,000 debit and credit cards.

Payment card information, such as names, payment card numbers and expiration dates, may have been compromised. However, personal information such as addresses and PIN numbers were not affected.

According to their investigation, a third-party vendor’s systems were attacked by malicious software, enabling criminals to access some payment card data of a number of the vendor’s customers. The impacted Goodwill stores used the same affected third-party vendor to process credit card payments. Goodwill is not naming the third-party vendor due to an ongoing investigation.

The investigation found no evidence of malware on any internal Goodwill systems.

The breach has affected 330 stores in 19 states plus the District of Columbia. Goodwill has been investigating the possibility of a breach since July.

“We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” Jim Gibbons, president and CEO of Goodwill Industries International, said in a statement.



The information contained within this article was accurate as of September 4, 2014. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.