From: [redacted]
Subject: Goodwill

Message Body:

The vendor was C&K Systems that was the provider for all of the Goodwill's that held the breach. Of of the Goodwill's that were broken into, they all use CounterPoint POS and their vendor that was breached was C&K.

Yesterday, Beth Perell sent out an email that included a post from security firm, idRADAR, which discusses Goodwill and C&K Systems. The post is below if you haven’t seen it. In her email, Beth mentioned that we would be sending talking points should you be contacted by themedia. You should also feel free to contact Lauren Lawson [redacted] if you would prefer for GII to handle media inquiries. The talking points reflect our previous messaging, and are simple and to the point. 

If pushed by a reporter regarding C&K Systems, our response should always be, “We are not going to comment on their business.” Below are several ways that demonstrate that message and speak to Goodwill’s disengagement from C&K’s hosting services as well as there being no threat to shoppers in our previously affected stores.

For your information, this email will be forwarded to the marketing listserv.

Please let me or Lauren know if you have questions and/if you receive media inquiries. I do not expect much media activity.

· C&K Systems is involved in an investigation. We are going to respect the investigation and not comment on their business.

· All 20 previously affected Goodwill members have stopped using C&K Systems to process customers’ payment cards. We are not going to comment on their business.

· There is no longer a threat to individuals shopping at the previously affected Goodwill members’ stores.

· Data security is an issue that every retailer and consumer needs to be aware of today.

Kim Zimmer
Chief Marketing Officer & Sr. V.P., Global Development
Goodwill Industries International