The payment processor at the center of the data breach affecting Goodwill Industries International admitted that hackers held a foothold in its environment for more than a year.
In a statement, C&K Systems said it was informed by an independent security analyst July 30 that its hosted managed services environment may have been compromised. The following business day, C&K hired a team to research and analyze the problem and contacted law enforcement. The investigation uncovered that attackers had successfully penetrated the company’s hosted managed services environment intermittently between Feb. 10, 2013, and Aug. 14, 2014. The investigation also revealed that the company was compromised by infostealer.rawpos, point-of-sale malware its systems were unable to detect until Sept. 5.
“This unauthorized access currently is known to have affected only three (3) customers of C&K, including Goodwill Industries International,” according to the company’s statement. “While many payment cards may have been compromised, the number of these cards of which we are informed have been used fraudulently is currently less than 25.”
All the affected customers were notified and steps were taken to process payment cards outside of the systems while the investigation continued, the company explained.
Goodwill became aware of the breach after it was notified by federal authorities and a payment card industry fraud investigative unit. Their investigation turned up no evidence of malware on any internal Goodwill systems. Twenty Goodwill members – representing about 10 percent of its stores – were impacted by the breach.
“We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future,” said Jim Gibbons, president and CEO of Goodwill Industries International, in a statement. “We realize a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again.”
“This incident demonstrates the need for two things,” said Rob Cotton, CEO at NCC Group. “The first is supplier assurance, as your organization is only as secure as the weakest supplier who has access to your environment. The second is a solid incident response strategy for when the worst happens.”
Organizations should work on the basis that both they, and their suppliers, will be compromised at some point, he added.
C&K Systems said it has put in place “cyber security controls that will detect any further unauthorized access along with cutting-edge technologies to identify potential zero-day advanced persistent threats (APT)” throughout its infrastructure.
“Our software vendor is in the process of rolling out a full P2PE solution with tokenization that we anticipate receiving in October 2014,” according to the company. “Our experience with the state of today’s threats will help all current and future customers develop tighter security measures to help reduce threat exposure and to make them more cognizant of the APTs that exist today and the impact of the potential threat to their businesses.”
