The 18 Month Phishing Hole
Sadly apparently this had been going on for quite sometime. However, a good point the article brings up is Goodwill outsources payment processing to outside technology firms. What made the attack different then others was its origin at the point of sale or POS.
“The hosted systems were running software from ‘a leading POS [point-of-sale] vendor’...”
See article for more information: