Hackers Hit Nonprofit Retail Chain

America’s Thrift Stores reported a malware-driven cyberattack through a third-party vendor that might have compromised credit card numbers and expiration dates of transactions made last month at its 18 stores.

In a statement posted on its website, America’s Thrift Stores CEO Kenneth Sobaski said the breach allowed criminals from Eastern Europe unauthorized access to some payment card numbers. The organization did not return calls seeking more information.

The U.S. Secret Service told Sobaski, according to the post, that only card numbers and expiration dates were stolen and the agency does not believe any customer names, phone numbers, addresses or email addresses were compromised.

The breach might have affected transactions made between Sept. 1 and Sept. 27. The virus/malware identified as the source of the breach has been removed. As soon as it learned of the incident, America’s Thrift Stores began working with an independent external forensic expert and the U.S. Secret Service to examine the breach, Sobaski said via the statement.

“We continue to take steps to improve security against future attacks,” Sobaski said. If customers view any fraudulent activity or suspicious charges on their credit or debit cards, he suggested contacting your bank or card issues immediately.

Headquartered in Birmingham, Ala., America’s Thrift Stores has 18 locations throughout Alabama, Georgia, Louisiana, Mississippi and Tennessee. It was founded in 1984 and supports several ministries, including Kings Home, Home of Grace Addition Recovery Program, Teen Challenge Mid-South, Teen Challenge International, Mission of Hope, Grace House Ministries, and America Family Foundation.