A charity store chain, America’s Thrift Stores discovered on Friday (October 09), that it had been become the victim of a malware-driven security breach which originated from a third-party service provider’s software to process credit card payments in Alabama, Georgia, Louisiana, Mississippi and Tennessee.
America’s Thrift Stores is a for-profit organization which operates 18 donations-based thrift stores throughout the southeast United States that collects used clothing and household items from local communities and sells them for a profit, which it shares with Christian charities.
The Birmingham-based company’s CEO, Kenneth Sobaski declared ina statement released that no customer names, phone numbers, addresses or emails were exposed, but credit card numbers were revealed.
The hack appears to have affected transactions between September 01 and September 27.
The organization cautioned the customers who feared for their data to be compromised to contact their card issuer or bank immediately, and to report any suspicious activity was discovered.
The malware has been removed from the stores’ computers, and purchases outside of those dates should not be at risk.
Security journalist, Brian Krebs stated in his blog that there were indications that data stolen from America's Thrift Store was already being used to create new counterfeit cards with details obtained from several banking sources who confirm a pattern of fraud on cards used at America’s Thrift Stores.
The company assured that U.S. Secret Service is investigating the breach.
The store chain employs over 1,000 employees and turns donated items into revenue to its non-profit partners for their causes. The store chain is estimated to pay out over $ 4 million annually toward its partners.
This store chain is not the only charity organization whose systems have been targeted by cyber criminals.
Last year, Goodwill Industries International’s system was breached which processed payments for twenty Goodwill members, representing roughly 10 percent of all stores.
Its investigation revealed that the attackers had access to the third party vendor’s systems for a year and a half, and leveraged point-of-sale (PoS) malware to steal data which they used for fraudulent purchases.
In these breaches, the problem does not arrive with the Operating system but the biggest problems have to do with various levels of access being given to third party businesses. The organizations fail miserably in protecting their level of access that makes these breaches possible and damaging.
The breach of America’s Thrift stores may be the repetition of Target breach that took place recently. Using easy passwords across the gamut of critical systems lead to such hacks. The Target’s security breach should have been a huge wake-up call for businesses everywhere to adapt and evolve their IT security practices.