Rawpos was used to compromise 330 of Goodwill’s independently operated “member” stores in 20 US states. The breach exposed information on 868,000 credit cards. Symantec gave Rawpos a risk rating of “very low” when they discovered the infostealer in February. Goodwill is not releasing the name of the third-party vendor, but Goodwill director of public relations Lauren Lawson confirmed that it is a point-of-sale system provider. It must be a Windows-based POS system; Rawpos impacts Windows 7, Vista, XP, and 2000.”]
Source: https://www.darkreading.com/attacks-breaches/backoff-not-to-blame-for-goodwill-breach