- Sep 13, 2018
American nonprofit Goodwill has disclosed a data breach that affected the accounts of customers using its ShopGoodwill.com e-commerce auction platform.
ShopGoodwill's Vice President Ryan Smith said in data breach notification letters sent to impacted individuals that some of their personal contact information was exposed due to a site vulnerability.
Smith added that no payment information was exposed in the incident because ShopGoodwill does not store such data on its servers.
"We were recently alerted to an issue on our website which resulted in the exposure of some of your personal contact information to an unauthorized third party. This contact information includes your first and last name, email address, phone number, and mailing address," Smith explained.
"No payment card information was exposed; ShopGoodwill does not store payment card information. While the third party accessed buyer contact information, they did not access your ShopGoodwill account."
The nonprofit has fixed the ShopGoodwill vulnerability that led to exposure to personal contact information.