Goodwill industries is investigating a possible theft of customer card data.
The Rockville, Md., organization sells donated clothing and household items, and use the proceeds to fund job training programs, employment placement services and other community-based initiatives.
According to security blogger Brian Krebs, financial institutions have identified multiple locations of Goodwill Industries stores as likely points of compromise for an unknown number of credit and debit cards.
The charity told Krebs it first learned about a possible incident last Friday, July 18. It has not yet confirmed a breach, but it is working with federal authorities on an investigation into the matter.
"Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers," the company wrote in an email, according to the blog.
"Investigators are currently reviewing available information," the statement continued. "At this point, no breach has been confirmed but an investigation is underway. Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern. Goodwill Industries International is working with industry contacts and the federal authorities on the investigation. We will remain appraised of the situation and will work proactively with any individual local Goodwill involved taking appropriate actions if a data compromise is uncovered."
According to the blog, a pattern of fraud has been detected for cards that were all previously used at Goodwill stores across at least 21 states. The affected cards all appear to have been used at Goodwill stores, the fraudulent charges on the cards occurred at non-Goodwill stores, such as big box retailers and supermarket chains. This is consistent with activity seen in the wake of other large data breaches involving compromised credit and debit cards, including the break-ins at Target, Neiman Marcus, Michaels, Sally Beauty, and P.F. Chang's, Krebs notes.