US charity Goodwill has been subjected to a data breach, resulting in the payment details of 868,000 people being compromised.
Following a six-week investigation, the charity said the data was stolen from 330 of its stores across 20 US states.
The hackers apparently managed to get the details after hacking point of sale (POS) terminals using malware and then siphoning off the information.
Some of the charity's customers have reported their cards have been used in fraudulent activity and the company advised the rest of its clientele to use a credit file report to find out if they had been subject to fraud.
The chain of charity shops was advised of a possible attack by a high-profile unnamed bank who investigated the criminal activity between February and August this year.
Jim Gibbons, president and CEO of Goodwill, said: "We continue to take this matter very seriously. We took immediate steps to address this issue, and we are providing extensive support to the affected Goodwill members in their efforts to prevent this type of incident from occurring in the future.
"Goodwill's mission is to provide job training for people with disabilities and disadvantages. We provide this service to millions of people each year. They, our shoppers and our donors, are our first priority."
The company said it first learnt it may have been subject to an attack in July but didn't take any action, allowing hackers to continue collecting data into August.
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
