Goodwill North Central Texas has reported a data breach following a cyberattack claimed by the ransomware group Rhysida. The attack, which occurred in November 2024, disrupted operations and led to the temporary closure of all Goodwill stores in the region. Impacted individuals are urged to remain vigilant by monitoring financial statements, updating passwords, and staying alert to phishing attempts. For more information, visit our guide on how to protect your information after a data breach and minimize potential harm.
Goodwill North Central Texas Data Breach Details
On November 10, 2024, Goodwill North Central Texas announced a “company-wide technical issue” that forced the closure of its stores. Operations gradually resumed on November 13, with full functionality restored by November 22.
While Goodwill has not officially confirmed Rhysida’s claim of responsibility, the ransomware group has posted what it alleges to be scans of stolen documents on its leak site as proof of the breach.
Authorities and cybersecurity experts continue to investigate the breach to determine the extent of the damage and any potential long-term consequences for affected individuals.
What Information Was Compromised?
According to Goodwill North Central Texas’s notification to the Texas Attorney General on February 20, 2025, an unauthorized third party may have accessed sensitive personal and health-related information stored in its systems. The compromised data potentially includes:
- Names
- Addresses
- Social Security numbers
- Driver’s license numbers
- Government-issued ID numbers (e.g., passports, state ID cards)
- Financial information (e.g., bank account numbers, credit and debit card details)
- Medical and health insurance information
- Dates of birth
