Goodwill: Data Breach Came Through Vendor

Print
Email
Reprints
Comment
Twitter
LinkedIn
Facebook
Google+

An internal review at Goodwill Industries has concluded that hackers accessed customer payments data through a vendor-related weak spot.

The nonprofit retailer in July announced a possible breach and that it was investigating the matter. On Tuesday, it said a breach had occurred and affected about 10%, or roughly 330, of its thrift stores nationwide.

The incident involved a malware attack on one of its outside vendors between February 2013 and August 2014, Goodwill said in a press release. It allowed hackers to access customers' payment card information.

The attack affected stores in 19 states and the District of Columbia. No additional information was provided about the third-party vendor.

"We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future," Jim Gibbons, president and chief executive of Goodwill Industries International in Rockville, Md., said in the release.

Goodwill's investigation found no evidence of a malware attack on its internal systems, the release said.

Word of the findings coincided with an announcement Tuesday that Home Depot has begun investigating a possible data breach at its stores.

JOIN THE DISCUSSION

SEE MORE IN

RELATED TAGS

'Dodd-Frank Is Like the TSA': Comments of the Week
American Banker readers share their views on the most pressing banking topics of the week. Comments are excerpted from reader response sections of AmericanBanker.com articles and from our social media platforms.

(Image: iStock)

Comments (0)

Be the first to comment on this post using the section below.

Add Your Comments:
Not Registered?
You must be registered to post a comment. Click here to register.
Already registered? Log in here
Please note you must now log in with your email address and password.
Already a subscriber? Log in here
Please note you must now log in with your email address and password.