Malware attack targets America’s Thrift Stores

Variants now spawning off new Android SMS malware
October 12, 2015
£20 million stolen from British bank accounts in malware attack
October 14, 2015

America’s Thrift Stores said this week that it has been the victim of a malware-driven cyberattack by Eastern European criminals who stole credit card data from the donations-based retailer.

“This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers,” the company said in a statement. “This virus/malware is one of several infecting retailers across North America.”

The company says that according to the Secret Service, no customer names or other contact information was compromised. The hack seems to have affected transactions between Sept. 1 and Sept. 27 of this year.

The hackers targeted a third-party service provider.

“We have identified and removed malware that was the source of the breach — and we continue to take steps to improve security against any future attacks,” the company said. “Shoppers can feel confident using credit or debit cards at any of our store locations.”

In 2014, hackers exploited a third-party vendor, C&K Systems, to breach Goodwill and steal credit and debit card information.

America’s Thrift Stores has not identified the compromised vendor in this intrusion.

Retailers — such as Target and Home Depot — have been some of the high-profile targets of cybercriminals seeking to steal and exploit payment information.

America’s Thrift Stores is headquartered in Birmingham, Ala., with stores in Alabama, Georgia, Tennessee, Mississippi and Louisiana.

Source – http://thehill.com/policy/cybersecurity/256702-malware-attack-targets-americas-thrift-stores