Goodwill’s investigation revealed that malware had been installed on a third-party vendor system used by 10% of its franchised stores to process credit cards. Twenty of Goodwill’s 158 regional headquarters in the United States were impacted by the breach, because of the shared third-party system.
This link has the locations of Goodwill stores affected.