News

The latest payment breach victim may be Goodwill Industries

July 22, 2014

Brian Krebs, the noted security blogger whose recent claim to fame was breaking the news of the Target breach, reports in his blog that banks are reporting a series of breaches at Goodwill stores across the country.

Goodwill Industries International operates 165 thrift stores in the U.S. and Canada. According to Krebs, the company reached out to him last Friday to let him know that it was investigating a possible breach at an unknown number of locations, and was working with federal authorities.

It remains unclear how many Goodwill locations may have been impacted, but sources say they have traced a pattern of fraud on cards that were all previously used at Goodwill stores across at least 21 states, including Arkansas, California, Colorado, Florida, Georgia, Iowa, Illinois, Louisiana, Maryland, Minnesota, Mississippi, Missouri, New Jersey, Ohio, Oklahoma, Pennsylvania, South Carolina, Texas, Virginia, Washington and Wisconsin.

Although no "start date" to the breach has been determined yet, Krebs said it could go back as far as mid-2013.

Brian Krebs was recently a guest on NPR's "Fresh Air." It's a fascinating conversation, not just because of the level of candor he has in talking about how insecure many payment cards are, but also the fact that his investigations continue to place him and his family in the crosshairs of some very bad players, including international organized crime rings.

(Photo by Dwight Burdette.)