Federal authorities and payment card industry fraud units notified Goodwill on Friday Goodwill Industries International said Monday federal authorities are investigating a possible payment card breach at its U.S.-based retail outlets.The nonprofit agency, which sells donated goods to fund employment programs, was notified on Friday, according to a statement from Lauren Lawson-Zilai, Goodwill’s director of public relations. The U.S. Secret Service is investigating along with payment card industry fraud units.A number of large retail companies have been affected by aggressive campaigns by hackers seeking to compromise point-of-sale (POS) terminals, the computerized cash registers that process payment card transactions.[American Express customers receiving new breach notifications] Such systems were involved in data breaches at Target, Neiman Marcus and Michaels. In those cases, malicious software was installed on the terminals and collected payment card details.Other companies, including P.F. Chang’s China Bistro and Sally Beauty, have disclosed data breaches but not detailed what lead to the losses. The successful attacks against POS systems have taken place despite a years-long campaign to ensure payment card systems are well protected against attacks.Visa and MasterCard mandate that merchants follow the Payment Card Industry’s Data Security Standard (PCI-DSS), a lengthy set of recommendations for security payment processing systems. Still, the systems are complicated, and simple configurations errors can be capitalized on by hackers.Goodwill said it planned to take “prompt and appropriate actions” if a breach is discovered.“Goodwills across the country take the data of consumers seriously and their community well-being is our number one concern,” it said.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe