Goodwill announced the attack on its website Friday that targeted its retail stores in Kent, Ionia, Montcalm, Mecosta, Isabella and Ottawa counties.
While its 18 stores remain open, customers are limited to cash- only payments as law enforcement investigates and IT teams rebuild systems.
Goodwill clarified it does not retain credit card data, shielding past customers from potential financial theft.
Andrew Kalafut, Director of Grand Valley State University’s Institute for Cybersecurity Education and Research, explains nonprofits are a prime target, second only to government agencies as the most attacked sector globally.
“There is a perception from the people doing the attacks that nonprofits maybe don’t have as good defenses in place as large businesses. This makes them more attractive of a target because the adversary thinks they’re more likely to succeed."
The impact on nonprofits can be devastating.
"There is of course the financial damage, but there is a big reputational risk. If donors feel like their personal information is in jeopardy, they may be less likely to make a donation in the future."
Kalafut notes attacks can be mitigated with staff training, regular software updates and data backups, and his team can help.
“Our Institute for Cyber Security, Education and Research is very willing to partner with nonprofits and small businesses on things like vulnerability assessments and security audits, that these organizations might not have the expertise to do in house, and might not necessarily be able to afford from a larger vendor.”
For a weekly dose of news right to your inbox, sign up for the WGVU newsletter.
