Hackers Compromised Goodwill Vendor For More Than a Year

The payment processor at the center of the data breach affecting Goodwill Industries International admitted that hackers held a foothold in its environment for more than a year.

In a statement, C&K Systems said it was informed by an independent security analyst July 30 that its hosted managed services environment may have been compromised. The following business day, C&K hired a team to research and analyze the problem and contacted law enforcement. The investigation uncovered that attackers had successfully penetrated the company’s hosted managed services environment intermittently between Feb. 10, 2013, and Aug. 14, 2014. The investigation also revealed that the company was compromised by infostealer.rawpos, point-of-sale malware its systems were unable to detect until Sept. 5.

“This unauthorized access currently is known to have affected only three (3) customers of C&K, including Goodwill Industries International,” according to the company’s statement. “While many payment cards may have been compromised, the number of these cards of which we are informed have been used fraudulently is currently less than 25.”

All the affected customers were notified and steps were taken to process payment cards outside of the systems while the investigation continued, the company explained.

Goodwill became aware of the breach after it was notified by federal authorities and a payment card industry fraud investigative unit. Their investigation turned up no evidence of malware on any internal Goodwill systems. Twenty Goodwill members – representing about 10 percent of its stores – were impacted by the breach.

“We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” said Jim Gibbons, president and CEO of Goodwill Industries International, in a statement. “We realize a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again.”

“This incident demonstrates the need for two things,” said Rob Cotton, CEO at NCC Group. “The first is supplier assurance, as your organization is only as secure as the weakest supplier who has access to your environment. The second is a solid incident response strategy for when the worst happens.”

Organizations should work on the basis that both they, and their suppliers, will be compromised at some point, he added.

C&K Systems said it has put in place “cyber security controls that will detect any further unauthorized access along with cutting-edge technologies to identify potential zero-day advanced persistent threats (APT)” throughout its infrastructure.

“Our software vendor is in the process of rolling out a full P2PE solution with tokenization that we anticipate receiving in October 2014,” according to the company. “Our experience with the state of today’s threats will help all current and future customers develop tighter security measures to help reduce threat exposure and to make them more cognizant of the APTs that exist today and the impact of the potential threat to their businesses.”
