The third party breach which affected Goodwill may have affected two other companies and gone on for around 18 months.
According to Brian Krebs, third-party payment vendor C&K Systems disclosed this information and said that the investigation determined malicious hackers had access to its systems “intermittently” between February 10th, 2013 and August 14th, 2014, and that the intrusion led to the the installation of a “highly specialised point of sale (POS) infostealer.rawpos malware variant that was undetectable by our security software systems until September 5th 2014″, it said in a statement.
C&K Systems also said that while many payment cards may have been compromised, the number of these cards which have been used fraudulently is currently less than 25.