Area Goodwill stores impacted by data security breach
Several area Goodwill stores were affected by a data security breach that allowed hackers to gain access to customers’ payment card information.
Goodwill Industries International (GII) announced Tuesday that 20 Goodwill members and more than 300 stores nationwide were impacted by the breach, which the organization initially learned of and reported in July.
Goodwill stores in South Union, Rostraver, Hempfield and East Huntingdon townships were among those affected, GII reported.
A full list of store locations affected by the breach is available at www.goodwill.org/payment-card-notice.
A forensic investigation launched by GII confirmed that the systems of a third-party vendor were attacked by malware that enabled hackers to access customers’ payment card data intermittently between Feb. 10, 2013 and Aug. 14, 2014.
Card information on the compromised systems included names, card numbers and expiration dates. GII said there was no evidence that other personal information, such as addresses or personal identification numbers, were affected by the breach.
According to information provided by GII, area stores experienced a shorter period of impact, between Oct. 1, 2013 and Aug. 14, 2014.
“We continue to take this matter very seriously,” said GII president and CEO Jim Gibbons in a prepared statement. “We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future.”
Twenty Goodwill members — including Goodwill of Southwestern Pennsylvania– reportedly used the third-party vendor to process credit card payments. GII said the impacted members took immediate action to ensure the malware no longer presented a threat to store customers.
GII said Goodwill members have received a limited number of reports of fraudulent card use from payment card brands.
In total, 33 stores belonging to Goodwill of Southwestern Pennsylvania were affected, including five stores in northern West Virginia.
GII said that it worked closely with federal law enforcement authorities and coordinated with payment card brands during the investigation.
“We realize a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again,” said Gibbons.
The investigation, GII said, found no evidence of malware on any internal Goodwill systems, only on the third-party vendor’s systems.