Goodwill attack confirmed; 868,000 credit cards could be compromised

happygeek 3 410 Views

Goodwill Industries International, a network of 165 community-based agencies in North America, has been breached. This follows a previous announcement of a potential attack back in July. After an extensive forensic investigation lasting a month, Goodwill has now confirmed that "a third-party vendor’s systems" were indeed "attacked by malware, enabling criminals to access some payment card data of a number of the vendor’s customers."

According to the statement, about 10% of stores (or 20 Goodwill members if you prefer) using the same third-party vendor were involved; Goodwill insists that there is no evidence of malware on internal systems. The breach was of third-party systems containing payment card information of certain Goodwill members’ customers. Those numbers may appear quite small, but actually when delved into equate to 330 stores in 20 states and an estimated 868,000 payment cards compromised.

The attack took place between February 10, 2013, and August 14, 2014 although some stores were not exposed to such a long period of attack. Details of those store locations that were impacted, in case you are worried, can be found here.

One question that remains unanswered at this stage is who the mysterious third party vendor is, as the Goodwill statement does not name the company involved. Ken Westin, security researcher at Tripwire, says "the fact that Goodwill is not mentioning the third-party vendor by name, makes me question where the blame may lie. I believe the statement is purposely vague and raises more questions than it answers. Malware may have been installed on a third-party vendor’s systems, however where are those systems located, are these POS systems in the stores themselves connected to a network that is managed by Goodwill, or is the entire network and system managed by this mystery third-party vendor?"

Mark James who is a security expert at ESET, points the finger of blame at the franchise. "It’s the job of the franchise to protect our data. It is up to them to them ensure their POS machines are locked down and only the required is allowed to run. Operating systems and any third party software must also be up to date, and a good multi layered protection system should be in place."

Member Avatar for PixelatedKarma
PixelatedKarma 65 Junior Poster in Training

A great man once said; if it can be built....it can also be taken apart.

I think between iCloud being breached, this happening, the target attacks, etc. This is all just about par for the course. I think it'll be a long time before we see the end of breaches like this.

Member Avatar for Kelly Burby
Kelly Burby 44 Posting Pro

Well @PixelatedKarma I would agree with the word you have used i.e. if it can be built then it can also be taken apart, but tell me where does the iCloud came from ? I would say the breach in security isn't because of the fault from Apple its because of the fault of the user like consider I am a very great personality say Kelly and I am dumb and set my iCloud password my name and I guess there are number of attackers over the web who keep looking for such dumb users. So, I guess better would be to blame the users not iCloud ! :P

Member Avatar for happygeek
happygeek 2,411 Most Valuable Poster

The iCloud fiasco was a combination of the usual user dumbass stuff and some Apple dumbass stuff (in not locking down password retries using the find my phone route in).

Member Avatar for PixelatedKarma
PixelatedKarma 65 Junior Poster in Training

It's one of those things.....unfortunately even following security best practices for developers with the way technology changes at such a fast pace something will almost always get missed at initial launch and even as time goes on. To use iCloud as an example, apple has some of the brightest, smartest developers in their work force. They utilize multi- layered security....yet they missed preventing brute force attacks something that is one of the oldest types of hacking in the history of the internet. It happens and as long as everyone and their dog considers themselves a developer and as long as we as internet users keep trusting more and more information online, these breaches will continue.

Member Avatar for happygeek
happygeek 2,411 Most Valuable Poster

What Karma said :)

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Edit Preview