America’s Thrift Stores has revealed in an official statement that it has been attacked by cybercriminals from Eastern Europe.
Kenneth Sobaski, CEO of the for-profit but charitable company, said that the data breach took place through software that was used by a third-party service provider.
As a result of the incident, America’s Thrift Stores believes that the cybercriminals were able to obtain payment card numbers and expiration dates.
The malware that allowed them to access its system is thought to be “one of several infecting retailers across North America”, Mr Sobaski continued.
He added that the US Secret Service has confirmed that customer names, phone numbers, emails and addresses were not compromised.
However, Mr Sobaski urged caution, as the fallout from the attack may leave people vulnerable to fraud.
This is particularly the case for individuals who made a credit or debit card transaction between September 1st and September 27th, 2015.
“As soon as we learned of this incident, America’s Thrift Stores began working with a leading independent external forensic expert and the US Secret Service to examine the breach,” its CEO explained.
“We have identified and removed malware that was the source of the breach and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations.”
This example is the latest in a number of high-profile attacks that highlights the importance of investing in cybersecurity, as well as the ongoing challenges that organizations face in protecting their systems.
Executives are well-aware of this, with a report from two years ago observing how cyberthreats are now the third-biggest worry for CEOs.
Lloyd’s Risk Index 2013 noted: “Cybersecurity now sits squarely towards the top of the agenda for boards around the world with cyber risk moving from 12th to 3rd place in the index.”
