America’s Thrift Store

On October 9, 2015 the CEO for America’s Thrift Stores, Kenneth Sobaski announced that the company had recently learned that their organization had been the victim of a third-party party service provider’s security breach by way of a malware being implanted in their point of sale system.

The CEO stated:

This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers. This virus/malware, is one of several infecting retailers across North America. The U.S. Secret Service tells us that only card numbers and expiration dates were stolen. This breach may have affected sales transactions between September 1, 2015 and September 27, 2015. If you used your credit or debit card during this time to purchase an item at any America’s Thrift Store location, the payment card number information on your card may have been compromised.

Although Mr. Sobaski did not name the third-party service provider, a similar breach of security at Goodwill Industries led to investigation and the results of which were discovered that the security weakness was tied to C&K Systems, but America’s Thrift Stores would not respond to inquiries regarding the source of the malware.

Despite the CEO’s downplaying of what information may have been stolen, several banking authorities report that there is a pattern of unauthorized charges stemming from America’s Thrift Stores locations, which illuminates that the hackers were able to utilize the stolen data from the point of sale devices and replicate counterfeit credit and debit cards for fraudulent purchases.

The statement further explained that as soon as the company learned of the cyber intrusion that America’s Thrift Stores immediately began to employ the services of a leading independent external forensic expert in conjunction with the U.S. Secret Service investigation which examined the source of the data breach. Again without identifying the source America’s Thrift Stores stated that they had identified and eradicated the source of the malware and that they were taking necessary steps to improve their security protocols to upgrade their security against cyber attacks in the future.

In closing their statement CEO, Kenneth Sobaski reassured customers that they could feel secure to use their credit or debit cards at all of their store locations, that though the cyber breach only affected some of their store locations they treated the situation as if it had occurred at all.

Additionally, the statement encouraged customers to be vigilant in reviewing their credit and debit card statements, and that if there were any suspicious or fraudulent charges in their statement to report it immediately to your bank or credit card company.

At the close of Mr. Sobaski’s statement were these words, “Our customers are our top priority, and we apologize for this inconvenience.”

Links For Consumers Affected:

If you have any questions, please call the customer service center at 1-866-837-2071. Representatives are available to take calls Monday through Saturday from 8:00 A.M. to 5:00 P.M.

Additional Resources About This Breach:

Have You Been Hacked?

*Cyber breach data provided by Have I Been Pwned

Enter your email or username to see if your information was compromised.

Have You Been Hacked?