March 24, 2023

Goodwill Industries International has confirmed that a breach of a card processor’s systems via malware exposed payment card data for an unspecified number of the charity’s customers.

Approximately 330 stores in 20 states were affected by the compromise, according to the not-for-profit charitable organization that sells donated merchandise to fund job programs.


The impacted locations which represent more than 10 percent of Goodwill’s 2,900 stores all used the same processor, which was not identified in the charity’s announcement. There was no evidence of malware on any internal Goodwill systems, the investigation confirmed.

Goodwill comprises a network of 165 independent headquarters. Some 20 of those “members” were affected by the breach. “The impacted Goodwill members used the same affected third-party vendor to process credit card payments,”.

Information exposed in the breach includes names, payment card numbers and expiration dates of certain Goodwill customers. There is no evidence that other customer personal information, such as addresses or PINs, were affected by the malware, Goodwill says.

The charity says it received a very limited number of reports from the payment card brands of fraudulent use of payment cards connected to Goodwill stores.


The breach was confirmed following a forensics investigation launched in July when news of a possible breach first surfaced. Goodwill worked closely with federal law enforcement authorities and the payment card brands in conducting the investigation. Goodwill did not immediately respond to a request for additional information.

Leave a Reply

%d bloggers like this: