America’s Thrift Stores, a store chain that operates on donations has revealed that it was the targeted victim of a security breach by malware that targeted a third-party service provider’s software.
The CEO of America’s Thrift Stores, Kenneth Sobaski released a statement today that revealed the store chain to be the victim of a malware-driven breach. So far, the investigation has revealed that credit and debit card numbers along with expiration dates were compromised, according to talks held with the U.S. Secret Service, the statement confirmed.
Other customer details such as names, addresses and email addresses and telephone numbers are not believed to be compromised. The statement also notes that he breach may have affected customers who engaged in transactions with the store between September 1, 2015, and September 27, 2915.
“If you used your credit or debit card during this time to purchase an item at any America’s Thrift Store location, the payment card number information on your card may have been compromised,” the statement read.
Furthermore, security journalist Brian Krebs states in his blog that the compromised card details may have been already used to produce counterfeit cards, with details obtained from several banking sources who confirm a pattern of fraud on cards used at America’s Thrift Stores.
The store chain employs over 1,000 employees and turns donated items into revenue to its non-profit partners for their causes. The store chain is estimated to pay out over $4 million annually toward its partners.
The store has since sought the services of an external forensic expert along with the U.S. Secret Service, the statement confirmed.
“As soon as we learned of this incident, America’s Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach. We have identified and removed malware that was the source of the breach– and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations.”
The statement also noted that no cash-paying customers have been impacted by the breach.
Customers who have purchased goods in any of the charity store chain’s outlets are advised to check for any fraudulent charges on their credit and debit statements.
The statement also provides a customer service number for any concerns questions at 1-866-837-2071.