Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Hackers Compromised Goodwill Vendor For More Than a Year

The payment processor at the center of the data breach affecting Goodwill Industries International admitted that hackers held a foothold in their environment for more than year.

The payment processor at the center of the data breach affecting Goodwill Industries International admitted that hackers held a foothold in their environment for more than year.

In a statement, C&K Systems said it was informed by an independent security analyst July 30 that its hosted managed services environment may have been compromised. The following business day, C&K hired a team to research and analyze the problem and contacted law enforcement. The investigation uncovered that attackers had successfully penetrated the company’s hosted managed services environment intermittently between Feb. 10, 2013, and Aug. 14, 2014. The investigation also revealed that the company was compromised by infosteaerl.rawpos, point-of-sale malware its systems were unable to detect until Sept. 5.

“This unauthorized access currently is known to have affected only three (3) customers of C&K, including Goodwill Industries International,” according to the company’ statement. “While many payment cards may have been compromised, the number of these cards of which we are informed have been used fraudulently is currently less than 25.”

All the affected customers were notified and steps were taken to process payment cards outside of the systems while the investigation continued, the company explained.

Advertisement. Scroll to continue reading.

Goodwill became aware of the breach after it was notified by federal authorities and a payment card industry fraud investigative unit. Their investigation turned up no evidence of malware on any internal Goodwill systems. Twenty Goodwill members – representing about 10 percent of its stores – were impacted by the breach.

“We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” said Jim Gibbons, president and CEO of Goodwill Industries International, in a statement. “We realize a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again.”

“This incident demonstrates the need for two things,” said Rob Cotton, CEO at NCC Group. “The first is supplier assurance, as your organization is only as secure as the weakest supplier who has access to your environment. The second is a solid incident response strategy for when the worst happens.”

Organizations should work on the basis that both they, and their suppliers, will be compromised at some point, he added.

C&K Systems said it has put in place “cyber security controls that will detect any further unauthorized access along with cutting-edge technologies to identify potential zero-day advanced persistent threats (APT)” throughout its infrastructure.

“Our software vendor is in the process of rolling out a full P2PE solution with tokenization that we anticipate receiving in October 2014,” according to the company. “Our experience with the state of today’s threats will help all current and future customers develop tighter security measures to help reduce threat exposure and to make them more cognizant of the APTs that exist today and the impact of the potential threat to their businesses.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.

Cybercrime

Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.