"Personal Information Compromised in Goodwill Website Hack"

Nonprofit organization Goodwill has started notifying users of its ShopGoodwill.com e-commerce platform that their personal information was compromised due to a cybersecurity breach.  The company has informed users that an “unauthorized third party” accessed buyer contact information, including name, email address, phone number, and mailing address.  Goodwill noted that no payment card information was exposed.  The organization said the website vulnerability exploited in the incident has been addressed.  The ShopGoodwill website is currently offline “for maintenance,” but it’s unclear if it’s related to the breach.  This appears to be the second data breach disclosed by the nonprofit in the past decade.  In 2014, Goodwill informed customers that more than 800,000 payment cards had been compromised due to a breach at a third-party vendor.  The affected payment processor confirmed at the time that hackers had access to its systems for more than a year.

SecurityWeek reports: "Personal Information Compromised in Goodwill Website Hack"