Goodwill Industries probes possible payment card breach

Federal authorities and payment card industry fraud units notified Goodwill on Friday

Goodwill Industries International said Monday federal authorities are investigating a possible payment card breach at its U.S.-based retail outlets.

The nonprofit agency, which sells donated goods to fund employment programs, was notified on Friday, according to a statement from Lauren Lawson-Zilai, Goodwill's director of public relations. The U.S. Secret Service is investigating along with payment card industry fraud units.

A number of large retail companies have been affected by aggressive campaigns by hackers seeking to compromise point-of-sale (POS) terminals, the computerized cash registers that process payment card transactions.

Such systems were involved in data breaches at Target, Neiman Marcus and Michaels. In those cases, malicious software was installed on the terminals and collected payment card details.

Other companies, including P.F. Chang's China Bistro and Sally Beauty, have disclosed data breaches but not detailed what lead to the losses.

The successful attacks against POS systems have taken place despite a years-long campaign to ensure payment card systems are well protected against attacks.

Visa and MasterCard mandate that merchants follow the Payment Card Industry's Data Security Standard (PCI-DSS), a lengthy set of recommendations for security payment processing systems. Still, the systems are complicated, and simple configurations errors can be capitalized on by hackers.

Goodwill said it planned to take "prompt and appropriate actions" if a breach is discovered.

"Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern," it said.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

FREE Computerworld Insider Guide: IT Certification Study Tips
Join the discussion
Be the first to comment on this article. Our Commenting Policies