9/2/14 — Payment Card Data Breach
Letter from our Executive Director
September 2, 2014
Dear Goodwill® Customers:
In July, Goodwill Industries International (GII) announced that some Goodwill® member store locations may have been affected by a data security issue. An investigation ensued, and the third-party investigator and federal law enforcement authorities found that our Northern Michigan Goodwill stores were not impacted. This issue does not affect our customers.
The Goodwill members that were impacted were using a common third-party vendor for payment processing. This vendor’s systems were found to contain malware. The affected Goodwill members took immediate action to ensure the malware no longer presents a threat to individuals shopping at their Goodwill stores.
Our primary concern is for the people we serve —- our community, our shoppers and our donors — and we are committed to ensuring that your information is safe and secure. If you have any questions or would like more information, please call toll-free at 1-800-GOODWILL.We will be available to answer your questions 9 a.m.-9 p.m. on Saturdays; 10 a.m.-7 p.m. on Sundays; and 9 a.m.-9 p.m. on Mondays-Fridays Eastern time.
Cecil R. McNally
Executive Director, Goodwill Northern Michigan
1. What happened?
In July 2014, Goodwill Industries International (GII) was notified by a payment card industry investigative unit and federal law enforcement authorities that some U.S. Goodwill® members may have suffered a data security compromise. Immediately upon being notified, we issued an announcement to the public about the potential issue so that Goodwill customers could take steps to protect themselves. Since that time, GII members have engaged a third-party forensic expert to conduct an extensive investigation, and have been working closely with federal law enforcement authorities and coordinating with the payment card brands to determine the facts.
The forensic investigation has confirmed that a third-party vendor’s systems had been attacked by malware, enabling criminals to access the payment card data of some Goodwill members’ customers. We took immediate action to ensure that the malware found on the third-party vendor’s systems no longer presents a threat to individuals shopping at the affected Goodwill members’ stores.
2. I am a Goodwill customer. Was my information affected?
Goodwill members have received a very limited number of reports from the payment card brands of fraudulent use of payment cards connected to Goodwill members’ stores.
A list of the affected Goodwill stores and time periods of exposure is available at http://www.goodwill.org/payment-card-notice If you have further questions, call 1-800-GOODWILL.
3. What information may have been compromised?
The third-party vendor’s affected systems contained payment card information, such as names, payment card numbers and expiration dates, of certain Goodwill members’ customers. There is no evidence that other Goodwill customer personal information, such as addresses or PINs, was affected by this issue.
4. Which Goodwill stores were impacted by this incident?
Based on the investigation, 20 Goodwill members’ stores in the U.S. have been impacted.
Goodwill is comprised of a network of 165 independent, community-based Goodwill members. A list of the affected Goodwill members’ store locations and the relevant time periods of exposure is available http://www.goodwill.org/payment-card-notice.
5. Is it safe to use a payment card at Goodwill member stores?
The affected Goodwill members took immediate action to ensure that the malware found on the third-party vendor’s systems no longer presents a threat to individuals shopping at the affected Goodwill member stores, and we have been working to help prevent this type of incident from occurring in the future.
The malware impacted the systems of a third-party vendor that some Goodwill members used to process their payment card data. The investigation found no evidence of a compromise of any internal Goodwill systems.
6. What should I do to help protect my information?
We realize this is an issue that every retailer and consumer needs to be aware of today. If you used a payment card at an affected Goodwill store during the relevant time period, we recommend that you carefully monitor your account statements and contact your bank or card issuer if you detect any suspicious activity.
Under U.S. law, you are entitled to one free credit report annually from each of the three national credit bureaus. To order your free credit report, visit www.annualcreditreport.com or call toll free at 1-877-322-8228. For more information, you can contact any one of the consumer reporting agencies at:
Additional information about steps you can take to protect your information is available at http://www.goodwill.org/payment-card-notice
7. Where can I get more information?
If you have any questions or would like more information, please call us toll-free at 1-800-GOODWILL. We will be available to answer your questions from 9 a.m.-9 p.m. on Saturdays; 10 a.m.-7 p.m. on Sundays; and 9 a.m.-9 p.m. on Mondays-Fridays Eastern time.