C&K apologizes for unauthorized access that led to Goodwill breach | SC Media
Breach

C&K apologizes for unauthorized access that led to Goodwill breach

September 17, 2014
The web hosting service apologized Monday for the “intermittent” unauthorized access to its hosted environment over an 18-month period that likely led to the data breach incurred by Goodwill Industries International. 

C&K Systems, Inc. noted that once an independent security analyst informed the company on July 30 of the unauthorized access, it called in “an independent cyber investigative team.” By working with that team, C&K was “able to catch up and stop the threat,” which it called a “highly specialized Point of Sale [(POS)infostealer.rawpos] malware variant” that went undetected by the company's security software systems until Sept. 5.

The investigation showed that three of its customers, including Goodwill, were affected, and all were notified immediately with “steps taken to eliminate the threat.”  C&K said that while “many payment cards may have been compromised” fewer than 25 have been used fraudulently.
prestitial ad