Goodwill of Greater Grand Rapids Cyberattack Forces Cash-Only Operation

GRAND RAPIDS, Mich. — Goodwill of Greater Grand Rapids has temporarily switched to cash-only transactions after a cyberattack disrupted the nonprofit's network and point-of-sale systems across its 18 local stores.

The organization confirmed the incident in a public statement released Friday, March 27, saying the breach affected network resources used to run local stores. Goodwill immediately notified law enforcement and brought in external cybersecurity experts to investigate.

"All Goodwill of Greater Grand Rapids locations are temporarily accepting cash only," the statement read. "We expect the cash-only policy to remain in place for the next several days as we work to rebuild our point-of-sale program."

Goodwill organizations operate on separate systems, meaning the attack has no impact on Goodwill locations or networks in other communities. The incident affects only the 18 stores operated by Goodwill of Greater Grand Rapids in Kent County, Ionia County, Montcalm County, Mecosta County, Isabella County, and portions of Ottawa County.

Stores Remain Open

Despite the disruption, all local stores remain open for business. Staff said the organization does not store credit card data on its systems, meaning customer payment information was not at risk.

"Our stores continue to be open for business," officials said. "We wish to thank our customers and community partners for their patience and support while we work through this issue."

The organization has not yet confirmed a timeline for full restoration. Investigators are still working to determine the full scope of the breach.

Previous Ransomware Claims Revised

An earlier version of Goodwill's statement had described the attack as ransomware, but by Friday afternoon, the statement now just lists it as a general cyberattack.

Cybersecurity expert Dr. David Utzke, who does not have internal knowledge of the global cybersecurity issue at Goodwill, said the ongoing issues with accessing systems could indicate a ransomware attack. Utzke has decades of global cybersecurity knowledge.

"A ransomware attack is basically where, traditionally, the cyber attacker holds a system hostage until a ransom is paid, and then you may or may not be successful at regaining access to whatever it is that they've locked up," Utzke said.

The expert believes this attack may be a remote access attack, or RAT attack, carried out by a financially motivated group. By infiltrating the system and obtaining data about people who have access, attackers can use that as a secondary attack.

"We wish to thank our customers and community partners for their patience and support while we work through this issue," Goodwill staff said in the statement.

What Goodwill Does

Goodwill Industries of Greater Grand Rapids is a 501(c)(3) nonprofit organization dedicated to changing lives and communities through the power of work. The organization operates across a six-county region in Michigan and runs 18 retail stores and an online shopping site.

Their comprehensive job training and placement programs assist individuals with disabilities and other employment barriers, utilizing store sales and donations to promote community growth and sustainability.

For more information, visit www.goodwillgr.org.