Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 26 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Goodwill admits breach was enabled by attack on third party

by The Gurus
September 4, 2014
in Editor's News
Share on FacebookShare on Twitter

North American non-profit community organisation, Goodwill Industries International, has confirmed that a malicious attack on third-party systems impacted its retail members.
 
In a statement, Goodwill Industries International confirmed that a third-party vendor’s systems were attacked by malware, which enabled attackers to access some payment card data of a number of the vendor’s customers. The impacted Goodwill members used the same affected third-party vendor to process credit card payments.
 
Goodwill said a forensic investigation found that each of the impacted Goodwill members took immediate action to ensure that the malware found on the third-party vendor’s systems no longer presented a threat to individuals shopping at the affected Goodwill members’ stores.
 
The investigation found that 20 Goodwill members (representing about 10 per cent of all stores) who use the same affected third-party vendor were impacted, although there was no evidence of malware on any internal Goodwill systems. Affected were systems that contained payment card information, such as names, payment card numbers, but there is no evidence that customer personal information, such as addresses or PINs, were accessed.
 
Jim Gibbons, president and CEO of Goodwill Industries International, said: “We continue to take this matter very seriously. We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future.
 
“We realise a data security compromise is an issue that every retailer and consumer needs to be aware of today, and we are working diligently to prevent this type of unfortunate situation from happening again. Goodwill’s mission is to provide job training for people with disabilities and disadvantages. We provide this service to millions of people each year. They, our shoppers and our donors, are our first priority.”
 
Its investigation found that the attack affected the third-party vendor’s systems intermittently between February 10th 2013, and August 14th 2014 in total. Some stores experienced shorter periods of impact.
 
Ken Westin, security researcher at Tripwire, pointed to the fact that the third-party vendor was not mentioned by name, making him wonder where the blame may lie.
 
“A lot of, if not most retailers, rely on third-party vendors to some degree in payment systems,” he said. “I believe the statement is purposely vague and raises more questions than it answers. Malware may have been installed on a third-party vendor’s systems, however where are those systems located? Are these POS systems in the stores themselves connected to a network that is managed by Goodwill? Or is the entire network and system managed by this mystery third-party vendor?”
 
Richard Blech, CEO of Secure Channels, said: “Another day and another breach. Hackers have no boundaries and seek to exploit any and all possible victims whoever and wherever to get access to sensitive and private data. More than ten percent of Goodwill’s 2,900 stores were infected by a malware for more than a year before being discovered through a forensics investigation.
 
“It has now become abundantly clear that the current point-of-sale (PoS) systems, both on the hardware and software side, are now vulnerable and a proven target of the hackers. Simply being PCI compliant is no longer sufficient. Da
ta emanating from and transmitting through PoS systems needs to be secured with absolute certainty.”

FacebookTweetLinkedIn
ShareTweet
Previous Post

Phishing quiz finds HR fail while R&D succeed

Next Post

12 year siphoning campaign hit German companies from UK websites

Recent News

CREST and IASME announce partnership with the NCSC to deliver Cyber Incident Exercising scheme

September 26, 2023
partnership

Cyberelements Partners with ABC Distribution Partners to Revolutionise Privileged Access Management in Europe

September 26, 2023
Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

Adarma Names James Todd as Chief Technology Officer, Reinforcing Dedication to Security Operations Excellence

September 25, 2023
Nurturing Our Cyber Talent

Nurturing Our Cyber Talent

September 25, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information