The Vermont Office of the Attorney General disclosed a data breach at Goodwill Industries of Greater New York and Northern NJ on May 24, 2023. The incident involved unauthorized access to an employee’s email account between October 12 and October 29, 2022, exposing sensitive personal information of an unspecified number of individuals, including names and additional details. While the exact scope of compromised data remains undisclosed, the breach suggests potential exposure of employee or customer-related information stored in the email system. In response, the organization is providing 24 months of free credit monitoring services via Experian to affected individuals, indicating concerns over possible financial fraud or identity theft risks. The breach highlights vulnerabilities in email security protocols, raising questions about internal access controls and the protection of personally identifiable information (PII). No evidence suggests ransomware or large-scale system disruption, but the incident underscores the risks of phishing or credential compromise leading to data exposure.
TPRM report: https://www.rankiteo.com/company/goodwill-nynj
"id": "goo042091825",
"linkid": "goodwill-nynj",
"type": "Breach",
"date": "10/2022",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'customers_affected': 'Unspecified',
'industry': 'Retail / Thrift / Social Services',
'location': 'Greater New York and Northern New Jersey, '
'USA',
'name': 'Goodwill Industries of Greater New York and '
'Northern NJ',
'type': 'Non-Profit Organization'}],
'attack_vector': 'Unauthorized Access (Email Account Compromise)',
'customer_advisories': ['24 months of credit monitoring services through '
'Experian'],
'data_breach': {'number_of_records_exposed': 'Unspecified',
'personally_identifiable_information': ['Names'],
'sensitivity_of_data': 'Moderate (Names and Additional '
'Information)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)']},
'date_publicly_disclosed': '2023-05-24',
'description': 'The Vermont Office of the Attorney General reported a data '
'breach at Goodwill Industries of Greater New York and '
'Northern NJ. The breach involved unauthorized access to an '
'employee’s email account from October 12 to October 29, 2022, '
'potentially affecting an unspecified number of individuals '
'and involving their names and additional information. The '
'organization is offering 24 months of credit monitoring '
'services through Experian as a response.',
'impact': {'data_compromised': ['Names',
'Additional Information (unspecified)'],
'identity_theft_risk': 'Potential (Credit Monitoring Offered)',
'systems_affected': ['Employee Email Account']},
'initial_access_broker': {'entry_point': 'Employee Email Account'},
'references': [{'date_accessed': '2023-05-24',
'source': 'Vermont Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': ['Vermont Office of the '
'Attorney General']},
'response': {'third_party_assistance': ['Experian (Credit Monitoring '
'Services)']},
'title': 'Data Breach at Goodwill Industries of Greater New York and Northern '
'NJ',
'type': 'Data Breach'}