ABSTRACT

Goodwill Industries International, Inc., a nonprofit organization that aims to help people who are disabled or disadvantaged through various programs, investigated a possible data breach that might have impacted several of its stores across the United States. The organization, which has 165 community-based agencies in the United States and Canada, became aware of the possible theft of payment card data on July 18, 2014, after being notified by federal authorities and a payment card industry fraud investigative unit. Approximately 868,000 payment cards were exposed. Sources in the financial industry said that stores in at least 21 states appear to have been impacted by the breach, which started on February 10, 2013, and lasted until August 14, 2014. The primary lesson to be learned from the Goodwill incident is the importance of performing due diligence to ensure a full understanding of the security protections that any third-party vendors use to protect our organization.