Goodwill issued a public update regarding a data breach that was uncovered in late July, with no evidence of malware on retail store point-of-sale (POS) systems. However, a third-party vendor was affected and that opened the door to customer names, payment card numbers, and expiration dates to be accessed by cybercriminals.
The forensics investigation said the malware attack took place between February 10, 2013 to August 14, 2014 - and there appears to be very little fraudulent activity noticed by customers.
"We continue to take this matter very seriously," said Jim Gibbons, Goodwill CEO and president, in a public statement. " We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future."
If nothing else, Goodwill has been more transparent than other companies that have suffered a data breach in the past year. As the threat of POS malware attacks becomes even more apparent, this is a good time for retailers that haven't been hit to begin improving network security.