Cyber Incident Victim: Goodwill Industries
Date:
Jun 2013
Location:
United States of America
Summary
A suspected credit and debit card breach impacted multiple locations of a major nonprofit retail organization, with financial institutions identifying fraudulent transactions on cards previously used at its stores across numerous states. The compromise led to unauthorized charges at various non-affiliated retailers, prompting an investigation coordinated with federal authorities while the organization had not yet confirmed the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In mid-July 2014, financial institutions across the United States began identifying patterns of fraudulent activity involving credit and debit cards previously used at various Goodwill Industries retail locations. Multiple banks reported tracing compromised payment cards to transactions conducted at Goodwill stores, indicating a likely point-of-sale system breach affecting an undetermined number of outlets. Goodwill Industries International, headquartered in Rockville, Maryland, first became aware of the potential incident on July 18, 2014, when contacted by financial sector partners about suspicious card activity. The organization, comprising 165 independent agencies across the United States and Canada with additional international operations, immediately initiated an investigation in coordination with federal law enforcement authorities. While Goodwill publicly acknowledged the potential breach, it emphasized that no data compromise had been conclusively confirmed at that stage. The U.S. Secret Service, typically responsible for investigating major financial crimes, did not publicly comment on its involvement in the case during the initial disclosure period.
The fraudulent activity manifested through unauthorized charges at non-Goodwill retail establishments, including big box stores and supermarket chains, suggesting criminals had exfiltrated payment card data rather than conducting direct fraud at Goodwill locations. Financial industry analysts confirmed the pattern of card misuse affected consumers who had shopped at Goodwill stores spanning at least 21 states, though investigators had not yet determined the total number of compromised locations or the timeframe of the breach. Goodwill Industries International stated it maintained ongoing communication with its regional affiliates and stood ready to implement corrective measures should forensic analysis confirm any data security failures at individual stores. The organization's primary operations involved selling donated goods to fund job training and community programs, with the breach potentially impacting both its retail operations and public trust in its charitable mission during the investigation period. No estimates regarding the number of affected payment cards or financial losses were disclosed publicly during the initial phase of the inquiry.