• Home
  • cyber
  • Goodwill of Greater Grand Rapids and Goodwill Industries of North Central Pennsylvania: Ransomware gang claims attack on Goodwill Industries
cyber Ransomware

Goodwill of Greater Grand Rapids and Goodwill Industries of North Central Pennsylvania: Ransomware gang claims attack on Goodwill Industries

Mar 14, 2026 2 min read
Goodwill of Greater Grand Rapids and Goodwill Industries of North Central Pennsylvania: Ransomware gang claims attack on Goodwill Industries

Ransomware Group Interlock Targets Goodwill Industries, Disrupts Operations

The ransomware group Interlock has claimed responsibility for a cyberattack on Goodwill Industries of North Central Pennsylvania, allegedly stealing 80 GB of data and adding the nonprofit to its data leak site. The incident has caused operational disruptions, with reports of system outages affecting stores in Greater Grand Rapids, where payment systems were taken offline, forcing cash-only transactions and limiting returns.

Goodwill of Greater Grand Rapids confirmed the disruptions on social media, announcing cash-only payments on March 14, 2026, followed by a temporary closure on March 15. Employees reported being told of a hack, though the extent of the breach remains unclear. Goodwill Industries International stated it was unaware of any cyberattack on its central systems, noting that each of its 150+ North American organizations operates independently.

Interlock, which emerged in October 2024, has been linked to 96 attacks, with 46 confirmed by affected entities. The group employs a double-extortion tactic, demanding ransom for both data decryption and the prevention of leaked information. To date, Interlock has compromised nearly 4.7 million records, with its largest breach affecting DaVita in 2025 impacting 2.7 million individuals.

The attack on Goodwill follows a recent trend of ransomware targeting nonprofits, including:

  • San Francisco Children’s Council (August 2025, 12,655 affected)
  • National Association on Drug Abuse Programs (January 2026, 90,000 affected)
  • Hudson River Housing (March 2025, $744,000 ransom demanded)

Goodwill Industries, a 122-year-old nonprofit, operates 3,400 stores across North America, Korea, and 12 other countries, providing job training and community support. Investigations into the breach, including whether a ransom was demanded or paid, are ongoing.

Source: https://www.comparitech.com/news/ransomware-gang-claims-attack-on-goodwill-industries/

Goodwill of Greater Grand Rapids TPRM report: https://www.rankiteo.com/company/goodwillgr

Goodwill Industries of North Central Pennsylvania TPRM report: https://www.rankiteo.com/company/goodwill-industries-of-north-central-pa

"id": "googoo1774550179",
"linkid": "goodwill-industries-of-north-central-pa, goodwillgr",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Retail, Job Training, Community Support',
                        'location': 'North Central Pennsylvania, USA',
                        'name': 'Goodwill Industries of North Central '
                                'Pennsylvania',
                        'type': 'Nonprofit'},
                       {'industry': 'Retail, Job Training, Community Support',
                        'location': 'Greater Grand Rapids, USA',
                        'name': 'Goodwill of Greater Grand Rapids',
                        'type': 'Nonprofit'}],
 'customer_advisories': 'Cash-only payments, temporary closure announcements',
 'data_breach': {'data_exfiltration': '80 GB of data stolen'},
 'date_publicly_disclosed': '2026-03-14',
 'description': 'The ransomware group Interlock has claimed responsibility for '
                'a cyberattack on Goodwill Industries of North Central '
                'Pennsylvania, allegedly stealing 80 GB of data and adding the '
                'nonprofit to its data leak site. The incident has caused '
                'operational disruptions, with reports of system outages '
                'affecting stores in Greater Grand Rapids, where payment '
                'systems were taken offline, forcing cash-only transactions '
                'and limiting returns.',
 'impact': {'data_compromised': '80 GB',
            'downtime': 'Temporary closure on March 15, 2026',
            'operational_impact': 'Cash-only transactions, limited returns, '
                                  'store closures',
            'systems_affected': 'Payment systems, operational systems'},
 'investigation_status': 'Ongoing',
 'motivation': 'Financial gain (double-extortion tactic)',
 'ransomware': {'data_exfiltration': '80 GB of data stolen'},
 'references': [{'source': 'Cyber Incident Description'}],
 'response': {'communication_strategy': 'Social media announcements',
              'containment_measures': 'Payment systems taken offline, '
                                      'cash-only transactions'},
 'threat_actor': 'Interlock',
 'title': 'Ransomware Group Interlock Targets Goodwill Industries, Disrupts '
          'Operations',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.