Goodwill's goodwill rocked as Feds probe bank card hacking scam

We think we're safe, insists non-profit

Protecting against web application threats using SSL

American charity Goodwill is being investigated by US federal authorities as the possible ground zero for a major debit and credit card security breach. But the company says it thinks it's in the clear.

"Goodwill Industries International was contacted last Friday afternoon by a payment card industry fraud investigative unit and federal authorities informing us that select U.S. store locations may have been the victims of possible theft of payment card numbers," the US non-profit said in a statement.

"Investigators are currently reviewing available information. At this point, no breach has been confirmed but an investigation is underway."

Goodwill accepts donations of discarded household items and clothing, sells them in a network of stores, and online, and then uses the money to provide job training, teach language skills and so on. The org was set up as a Methodist outreach ministry and now has revenues counted in the billions.

"A sad fact of modern security: even the best of us are targets, as we see with the emerging breach at Goodwill. Many organizations have been in denial for too long – executives are tempted to think 'why would anyone come after us?', when we're a charity, or a medical institution, or a sports team," said Dr Mike Lloyd, CTO at security biz RedSeal Networks.

"Many industries are loved by the public, and can lapse into thinking they don't have enemies, and so don't really need to worry about security. But the fact is that attackers use automation, and search for any door you leave open in your infrastructure – they can twist doorknobs on a global scale, and they don't much care which doors they open."

Security journalist Brian Krebs first reported that the store chain was under investigation after financial institutions began to notice a series of debit and credit card frauds. While none of these occurred at Goodwill itself, several of these institutions have pointed to the chain as a common source for card fraud at other stores.

According to financial industry sources the problems may go as far back as summer last year, and incidents that have been linked to Goodwill customers have been reported in 21 states, including California, Texas, Florida and New Jersey.

The US Secret Service, named as the agency investigating, had no comment at time of going to press. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story


Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.