The Goodwill Industries of South Central California is a regional subset of the retail and nonprofit organization that's available all over the United States. The non-profit organization maintains retail stores selling using goods and donates much of the revenue generated by its stores to help unemployed and at-risk individuals find jobs. The South Central California branch of Goodwill recently experienced a serious data breach that may have exposed some employees and a few customers as well.
The Goodwill data breach occurred because an employee's email was accessed without permission. An attacker gained access to the email account, most likely by way of a phishing attack, and began using the account access to gather confidential data. The data gathered could be used in harmful ways.
The Goodwill email account was compromised around July 21, 2022, and it wasn't until December 22, 2022, that the investigation was complete, examining all the potential data lost thanks to the compromised email address. There was an extended period of time when data could have been gathered from this email account.
The data breach mostly impacts staff members of the Goodwill Industries of South Central California, but some customers and individuals relying on help from the organization may have been impacted as well if you've recently dealt with the organization, you may have had your data exposed. The company is sending out personalized letters to anyone that is at risk of having information exposed, and they will all get access to 12 months of credit monitoring services for free. Use these services, and watch over your financial accounts for any signs of issues.
Hundreds of Goodwill documents and thousands of emails were accessible during the period when the account was compromised. It's unclear how much data was actually taken and used from the account, but many people were exposed by the breach.