14 DAY TRIAL // GoodWill wrapped up the investigation of the PoS compromise reported in July and concluded that customers of 330 stores in the US have been affected by the incident.
Goodwill wrapped up the investigation of the PoS compromise announced in July and concluded that customers of more than 330 stores in the US have been affected by the incident.
In an official statement released by the company, it is revealed that at fault were the payment systems of a third party, used by the the affected stores for processing credit card transactions. The forensics experts did not find any trace of malware on Goodwill’s computers.
For a period of more than one year, between February 10, 2013 and August 14, 2014, the payment systems of the undisclosed vendor were infected by malware, but Goodwill was impacted starting June, 2013.
The Goodwill locations were not impacted during the whole time and the data exposed during this period includes names, payment card numbers and expiration dates.
As far as the malware type used for the attack, a company representative said that it was Rawpos, an infostealear that affects Windows operating systems (XP, 7, Vista, 2000), according to Symantec.
In a statement for Dark Reading, Goodwill also said that the information exposed as a result of the incident belonged to about 860,000 cards, but that they received a small number of reports about fraudulent use of the card data.