A cyber attack on the electronic payment gateway Slim CD has potentially exposed the credit card details of 1.7 million individuals in the United States.
The breach, first discovered on June 15, 2024, saw hackers gain access to Slim CD’s IT systems for over 11 months – since August 17 2023.
A subsequent investigation revealed this access could have enabled an attacker to view or obtain certain credit card information between June 14, 2024 and June 15, 2024.
After reviewing the potentially accessed information, Slim CD determined that names, addresses, and credit card numbers and expiration dates were likely compromised.
In a data breach notification submitted to the Office of the Maine Attorney General, the companyrevealed as many as 1.69 million individuals may have been impacted by the incident.
It said it began sending emails to potentially affected individuals on September 6 to provide them with “accurate and complete notice.”
The company said it has no evidence that the breached information has been used to commit identity theft or fraud.
Potentially impacted individuals have been advised to undertake a free credit check and place a “fraud alert” on their credit file.
Slim CD is not offering identity theft protection services to the affected individuals, but encourages them to remain vigilant against identity theft and fraud attempts.
“Slim CD encourages individuals who may be affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the firm stated.
“Upon discovery of this incident, we quickly commenced a thorough investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security,” the company added.
Payment Gateway breached
Slim CD handles electronic payments, such as credit card payments, for merchants in both the US and Canada, but it is unclear whether the data breach has affected individuals in Canada.
The breach is just the latest attack in recent months where payment card details have been stolen.
Just last week, customers from the Fota Wildlife Park in Ireland had their financial data compromised along with website usernames, passwords and email addresses linked to their accounts.
"The loss of private data is always a serious concern, affecting both the user whose data was compromised, due to potential identity theft or financial loss, and the Slim CD service provider, which may face reputational damage and regulatory penalties,” said Boris Cipot, a senior security engineer at the Synopsys Software Integrity Group.
“Affected users should carefully monitor their credit card statements for any suspicious activity. It's also advisable to inform the credit card issuer about the incident and follow any instructions they provide."