Goodwill says no Upper Midwest stores affected by data breach
ST. PAUL — Goodwill Industries said that none of its 44 Minnesota stores, nor any in the Upper Midwest, appear to have been involved in an 18-month-long data breach at some of its stores.
Goodwill estimates that 10 percent of its stores nationwide were affected. It appears that cyberthieves placed malware on a vendor’s computer systems, which processed credit card payments. Card numbers, expiration dates and customers’ names all were stolen, Goodwill said.
“The malware attack affected the third-party vendor’s system intermittently between Feb. 10, 2013, and Aug. 14, 2014,” Goodwill said in a statement. “Some stores experienced shorter periods of impact.”
Goodwill is only one of a flurry of U.S. retailers hit by recent cyberattacks. The Department of Homeland Security warned last month that more than 1,000 U.S. businesses have been hit by cyberthieves targeting its in-store cash register systems.
Some of those cyberattacks appear to have affected Minnesota consumers, while others apparently have not.
Dairy Queen International, based in Edina, said that “a small portion of our 4,500 U.S. stores” were affected by a cyberattack. The company has not yet disclosed the possible breach dates, nor whether Minnesota outlets were specifically affected.
“The stores are not geographically clustered,” Dairy Queen said in a statement.
Supervalu said earlier that Cub Foods shoppers were potentially at risk in its data breach. The Eden Prairie-based grocer said that malware was discovered on its card-payment system, but said it’s still unclear whether card data was actually stolen.