Goodwill Industries International (GII) today provided an update on behalf of its members regarding the potential data security issue it previously announced in July, including the store in Great Bend.
A third-party forensic expert has been hired to conduct an extensive investigation. GII and its members have also been working closely with federal law enforcement authorities and coordinating with the payment card brands to determine the facts, according to the companies website.
The forensic investigation has confirmed that a third-party vendor’s systems had been attacked by malware, enabling criminals to access some payment card data of a number of customers. The impacted Goodwill members used the same affected third-party vendor to process credit card payments.
Corrective measures have been taken.
Twenty Goodwill members (representing about ten percent of all stores) that use the same affected thirty-party vendor have been impacted, and no evidence of malware on any internal Goodwill systems.
The third-party vendor’s had payment card information, such as names, payment card numbers, and expiration dates of certain Goodwill members’ customers. There is no evidence that other customer personal information, such as addresses or PINs, was affected by this issue.
The malware attack was intermittent between Feb. 10, 2013, and Aug. 14, 2014. Some stores experienced shorter periods of impact.
The company reports Goodwill members have received a very limited number of reports from the payment card brands of fraudulent use of payment cards connected to Goodwill members’ stores.
“We continue to take this matter very seriously. We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” said Jim Gibbons, President and CEO of Goodwill Industries International. “We realize a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again. Goodwill’s mission is to provide job training for people with disabilities and disadvantages. We provide this service to millions of people each year. They, our shoppers and our donors, are our first priority.”
Stores affected in Kansas were: Andover; Derby; El Dorado; Emporia; Garden City; Great Bend; Hays; Hutchinson, 1707 N. Waldron; Junction City; Maize, 3737 N. Maize Rd.;
Salina, 2640 Planet Ave.; Wichita, 3636 N. Oliver, 5025 S. Broadway, 5525 W. Central, 1625 S. Rock Rd., 2172 N. Amidon; and Winfield, 1908 E. 9th Ave.
Goodwill faces security breach