Thrift store chain America’s Thrift Stores has disclosed a data breach involving an unnamed third-party provider. A statement prominently linked from their home page begins:
A Statement From Our CEO Concerning Cyber Security
Dear Customers,
America’s Thrift Stores recently learned that it was the victim of a data security breach that occurred through software used by a third-party service provider. This breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers. This virus/malware, is one of several infecting retailers across North America. The U.S. Secret Service tells us that only card numbers and expiration dates were stolen. They do not believe any customer names, phone numbers, addresses or email addresses were compromised. This breach may have affected sales transactions between September 1, 2015 and September 27, 2015. If you used your credit or debit card during this time to purchase an item at any America’s Thrift Store location, the payment card number information on your card may have been compromised.
As soon as we learned of this incident, America’s Thrift Stores began working with a leading independent external forensic expert and the U.S. Secret Service to examine the breach. We have identified and removed malware that was the source of the breach– and we continue to take steps to improve security against any future attacks. Shoppers can feel confident using credit or debit cards at any of our store locations.
[…]
It is not clear from the notification how many customers nationwide may have been impacted, where there has been any misuse of the payment card information, or who the service provider is.