The payment processor at the center of the data breach affecting Goodwill Industries International admitted that hackers held a foothold in their environment for more than year.