Goodwill, a US-based non-profit organization, has disclosed a data breach related to user accounts using its e-commerce auction platform, ShopGoodwill.com
Ryan Smith, vice president of ShopGoodwill, said in a data breach notification letter sent to affected individuals that a vulnerability in the site exposed some of their personal contact information.
Smith added that ShopGoodwill does not store payment information on its servers, so no payment information was compromised in this incident.
We recently had a problem with our website and discovered that some of your personal contact information was being made available to unauthorized third parties. This information includes your first and last name, email address, phone number, and mailing address.
Note that ShopGoodwill does not store card information, so no card information has been compromised. A third party has accessed the purchaser’s contact information, but not the customer’s ShopGoodwill account
The nonprofit has fixed a vulnerability in the ShopGoodwill platform that led to the leak of personal contact information.
ShopGoodwill is committed to the security of your personal information, and we apologize for any frustration or concern this may have caused.
If we learn of any additional relevant information, we will contact you immediately.
Goodwill has served more than 25 million people with disabilities and disadvantaged groups worldwide in 2019, helping more than 230,000 people train for jobs in banking, IT, healthcare and more.
The nonprofit raises funds by selling donated clothing and household items through an extensive network of thousands of retail thrift stores around the world, as well as through the online auction site ShopGoodwill.com.
Comments