Thrift store chain America’s Thrift Stores has fallen victim to a data security breach potentially affecting all of its locations. Customers have been warned to look out for dubious activity on their accounts.

In a statement, America’s Thrift Stores CEO Kenneth Sobaski said that the breach “occurred through software used by a third-party service provider [which] allowed criminals from Eastern Europe unauthorized access to some payment card numbers.”

The statement continues: “The U.S. Secret Service tells us that only card numbers and expiration dates were stolen. They do not believe any customer names, phone numbers, addresses or email addresses were compromised. This breach may have affected sales transactions between September 1, 2015 and September 27, 2015. If you used your credit or debit card during this time to purchase an item at any America’s Thrift Store location, the payment card number information on your card may have been compromised.”

While this is far from the first or worst incident in which an organization has suffered a data compromise as the result of a third party – Home Depot and Target are notable examples – the incident should serve as a salutary warning to all organizations to tighten supply-chain security.

ISO 27001 and the supply chain

The international standard ISO 27001 sets out the requirements of an ISMS (information security management system) – a holistic approach to information security that encompasses people, processes, and technology, and which can be applied throughout the supply chain: once you’ve registered your ISMS to the Standard you can demand that your suppliers do the same, demonstrating to stakeholders, customers, and staff that information security best practice is followed.

Implementing an ISMS enables organizations of all sizes, sectors, and locations to mitigate the risks they face with appropriate controls, limiting the inadvertent threats posed by untrained staff, inadequate procedures, out-of-date software solutions, and poorly configured third-party access rights.

Priced from only $659, IT Governance’s ISO 27001 Packaged Solutions provide unique information security implementation resources for all organizations, whatever their size, budget, or preferred project approach. Combining standards, tools, books, training, and online consultancy and support, they allow all organizations to implement an ISMS with the minimum of disruption and difficulty.