What Kind of Person Robs Goodwill?
Goodwill taking the fall for malware installed on a third party system.
Kyle Kennedy, CTO, and Jonathan Sander, Strategy & Research Officer, both of STEALTHbits Technologies, commented the following on news of the Goodwill POS breach.
“Another retail breach reported – this time the charitable non-profit group Goodwill reported evidence that its point of sale payment systems were recently attacked and they are investigating at this time. Goodwill states that ‘no breach has been confirmed but an investigation is underway’ -- where there is smoke there usually is fire. Goodwill, like many non-profit organizations today, is cost conscious, and in the case of Goodwill they direct financial resources towards community and job programs in the locations they operate in.
Goodwill reportedly utilizes third-party point-of-sale systems to provide payment services to Goodwill customers, which makes a lot of sense based on the fact their corporate mantra is to provide job training, employment placement services, and other community-based programs to help veterans, individuals that lack education or job experience, face employment challenges or people who have disabilities – Goodwill is about helping the community,” said Kennedy.
“The financial funding that backs so many critical community programs offered by Goodwill will likely need to be diverted to remediation efforts and upgrading Goodwill’s point-of-sale systems. Goodwill, like most non-profits, has a core mission and vision; spending significant financial resources on high-end security solutions for point-of-sale systems, as an example, does not map towards fulfilling their organizational mission and vision.
The fact that Goodwill is so entrenched within our communities makes the potential impact of this potential security / data breach even more damaging than a traditional for-profit retailer. This in my opinion will be one of the more impactful data breaches in a long time as the impact goes beyond the fiscal impact to the consumer but to the very fabric of our communities that rely upon non-profits like Goodwill to provide support in times of need,” he said.
Sander added, “When lawsuits for anything were all the rage in the 80’s, law firms would say always sue the party with the deepest pockets despite what may actually make sense in the case. When I see an organization like Goodwill taking the fall for malware installed on a third party system, I can’t help but feel this is the 24/7 data breach news cycle equivalent. If Goodwill had installed locks that were shown to have a manufacturing fault, would we be holding them responsible for people picking those locks?
This shows how immature IT still is as an industry, especially when it comes to security. We collectively realize that IT will be so flawed that we will need professionals to run it in every detail, and we hold the organization using that technology responsible when the technology fails. If they did do “a month and a half of investigation” as reported, it seems they took this seriously. But that won’t matter now. Another household name gets a black mark despite the best intentions of Goodwill.”
Enabling our customers to harness the power of their data and derive information by which to make decisions, solve problems, and streamline business processes is what we do best, and what we’ve been doing for over a decade.
Founded in 2001, STEALTHbits has extensive experience and deep expertise in the management of Microsoft technologies like Active Directory and Exchange, and governance solutions for unstructured data. With consistent growth, profitability, and a tenured management team that’s been at it since the start, STEALTHbits has emerged as a favorite solution provider for the world’s largest, most notable organizations, as well as a preferred partner to leaders in technology.