Breach Round Up

Processor Malware The Culprit Behind Goodwill Breach

Malware at a payment-card processor was responsible for the theft of details on an estimated 868,000 credit and debit cards used at Goodwill Industries thrift stores, the organization said on Wednesday (Sept. 3).

An independent forensic investigator found no evidence of malware on any internal Goodwill systems, including point-of-sale systems in stores. But malware was found on the systems of a third-party payment-processing vendor used by 330 stores in 19 states and Washington, D.C.

Goodwill did not name the processor, but said the cyberthefts took place during the 18 months between Feb. 10, 2013, and Aug. 14, 2014. All the affected Goodwill stores — about 10 percent of the charity franchise’s 2,900 stores — used the same third-party processor.

Names, payment card numbers and expiration dates were stolen in the breach, but there is no evidence that other customer personal information such as addresses or PINs were stolen.

Goodwill was first notified of a potential breach in July by what it identified as “a payment card industry fraud investigative unit and federal authorities,” which reported that a suspicious pattern of fraudulent charges at big box retailers and grocery chains had been traced back to cards used at the charity’s stores in Alabama, California, Colorado, Florida, Georgia, Illinois, Indiana, Kansas, Louisiana, Maryland, Missouri, North Carolina, New Mexico, Ohio, Pennsylvania, South Carolina, Tennessee, Virginia, West Virginia and Washington, DC.



Digital transformation has been forcefully accelerated, but how does that agility translate into the fight against COVID-era attacks and sophisticated identity threats? As millions embrace online everything, preserving digital trust now falls mostly on banks and FIs. Now, advances in identity data and using different weights on the payment mix afford new opportunities to arm organizations and their customers against cyberthreats. From the latest in machine learning for fraud and risk, to corporate treasury teams working in new ways with new datasets, learn from experts how digital identity, together with advances like real-time payments, combine to engender trust and enrich relationships.

Click to comment