Goodwill of Greater Grand Rapids tied to Interlock ransomware claim in Michigan

The nonprofit said stores remain open, but point-of-sale disruptions have forced cash-only purchases as an Interlock post appeared to identify the West Michigan affiliate.

The Goodwill of Greater Grand Rapids store in Jenison, Mich. (Goodwill of Greater Grand Rapids/Facebook)
Editor’s note: This story was updated after further review of materials in an Interlock leak-site post indicated they appeared to belong to Goodwill of Greater Grand Rapids. An earlier version treated a ransomware.live listing naming a Pennsylvania affiliate at face value. The story now reflects that the listing appears to have been incorrect.

Goodwill of Greater Grand Rapids, a regional nonprofit that operates 18 stores across six counties in western Michigan, said Friday that a cyber incident disrupted part of its network and left locations in and around the Grand Rapids area operating on a cash-only basis. The disclosure came a day after ransomware tracking site ransomware.live indexed an Interlock claim labeled as involving Goodwill Industries of North Central Pennsylvania, though DysruptionHub’s review of the post indicated the material appeared to match Goodwill of Greater Grand Rapids.

Goodwill said the attack affected network resources used to run stores in Kent, Ionia, Montcalm, Mecosta and Isabella counties, along with part of Ottawa County. It said it notified law enforcement and brought in outside cybersecurity experts to investigate the scope of the incident and restore systems.

Screenshot of Goodwill of Greater Grand Rapids’ March 27, 2026, incident notice describing a cyber incident, cash-only store operations and an ongoing investigation.
Goodwill of Greater Grand Rapids’ March 27, 2026, statement says a cyber incident disrupted part of its network and left stores operating on a cash-only basis.

Goodwill has not publicly identified who was responsible, confirmed ransomware or said whether any personal information was accessed or stolen. DysruptionHub did not receive a response to an emailed request for comment.

Screenshot of a redacted Michigan Sales and Use Tax Certificate of Exemption listing Goodwill Industries of Greater Grand Rapids, a Grandville, Michigan, address and a 2022 signature date.
A redacted Michigan Sales and Use Tax Certificate of Exemption shown in the Interlock leak post lists Goodwill Industries of Greater Grand Rapids and a Grandville, Michigan, address, a strong indicator the victim was the West Michigan affiliate.

The clearest public impact so far is at checkout. Goodwill said its systems do not store credit card data, but stores have been operating on a cash-only basis as it rebuilds its point-of-sale program. The organization said stores are expected to remain cash-only for the next several days, with no confirmed timeline for full resolution.

Reporting by WOOD-TV and WWMT suggested the disruption affected operations before Friday’s formal disclosure. Goodwill’s Facebook page showed cash-only notices dated March 14 and March 15, and WOOD-TV reported the nonprofit also paused returns and temporarily closed its outlet store for a day during the technical problems.

Screenshot of a March 14 Facebook post from Goodwill of Greater Grand Rapids with large text reading “Today our stores are CASH ONLY” and “Saturday, March 14.”
A March 14 Facebook post from Goodwill of Greater Grand Rapids tells customers its stores were operating cash-only that day.

Goodwill described the event as an “attack” and a “cyber incident,” but did not publicly characterize it as ransomware or say whether any data was accessed or stolen. Some local coverage used the term ransomware, but that has not been confirmed by the nonprofit.

Goodwill of Greater Grand Rapids is a regional nonprofit retailer and workforce-services provider serving six counties in western Michigan. The organization said affiliates in other communities were not affected because local Goodwill nonprofits operate on separate systems. It also runs an online shopping site and, according to a 2024 company release, employs more than 800 people.

A recent outage at Florida-based Duffy’s Sports Grill also showed how cyber incidents can spill into routine customer transactions. The company faced card payment and rewards disruptions this week while it had not publicly confirmed ransomware.

The incident also comes against the backdrop of earlier Goodwill-linked payment security problems. In 2014, Goodwill Industries said malware at a third-party payment vendor exposed card data tied to about 10% of Goodwill stores nationwide. There is no evidence that incident is related to the current outage.

What comes next depends on the forensic investigation, the restoration of checkout systems and whether Goodwill determines any personal information was affected. For now, stores remain open, but purchases require cash.

Attribution note: DysruptionHub credits upstream reporting and primary sources—see citations above. If this report informed your coverage, please cite DysruptionHub with a link.
DysruptionHub Staff