America’s Thrift Stores, an organization that operates donations-based thrift stores in the Southeastern U.S., revealed in an official statement that it has been the victim of a malware-driven data security breach. The breach targeted software used by a third-party service provider.
The statement, from Kenneth Sobaski, CEO of America’s Thrift Stores, indicated the breach enabled criminals from Eastern Europe to access some payment card numbers.
The organization is working with an independent external forensic expert and the U.S. Secret Service to examine the breach. The Secret Service indicated that card numbers and expiration dates were stolen, while customer names, phone numbers, addresses or email addresses were not.
Advertisement
The breach may have affected sales transactions between Sept. 1, 2015 and Sept. 27, 2015.
Several banking sources of data security blog KrebsonSecurity say they have seen a pattern of fraud on cards used at all America’s Thrift Stores locations, indicating that thieves have been able to use the data stolen from the compromised POS devices to counterfeit new cards.
“We have identified and removed malware that was the source of the breach — and we continue to take steps to improve security against any future attacks,” Sobaski wrote. “Shoppers can feel confident using credit or debit cards at any of our store locations.”
