Breach, Data Security

C&K apologizes for unauthorized access that led to Goodwill breach

The web hosting service apologized Monday for the “intermittent” unauthorized access to its hosted environment over an 18-month period that likely led to the data breach incurred by Goodwill Industries International. 

C&K Systems, Inc. noted that once an independent security analyst informed the company on July 30 of the unauthorized access, it called in “an independent cyber investigative team.” By working with that team, C&K was “able to catch up and stop the threat,” which it called a “highly specialized Point of Sale [(POS)infostealer.rawpos] malware variant” that went undetected by the company's security software systems until Sept. 5.

The investigation showed that three of its customers, including Goodwill, were affected, and all were notified immediately with “steps taken to eliminate the threat.”  C&K said that while “many payment cards may have been compromised” fewer than 25 have been used fraudulently.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.