Payment processing solutions provider Slim CD has announced a data breach that has affected nearly 1.7 million individuals, exposing their credit card and personal information.
In the communication dispatched to affected clients, the company disclosed that cybercriminals had infiltrated its network for almost a year, from August 2023 to June 2024. Slim CD specializes is a payment gateway provider, allowing businesses to facilitate electronic and card payments through web-based terminals, as well as mobile and desktop applications.
Unusual Activity Identified
The company initially identified unusual activity within its systems on 15 June of this year. Further investigation revealed that unauthorized individuals had infiltrated its network as early as August 17, 2023.
The notification to affected individuals states:
- The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024.
Credit Card Information Accessed Over Two Days
Slim CD reports that the threat actor accessed or viewed credit card information for a duration of two days this year, specifically from 14 June to 15 June. Slim CD provides payment processing services across multiple sectors, such as restaurants, hospitality and retail. However, individuals who receive breach notifications may not be acquainted with the company, as they have not engaged with it directly.
Data that that could have been accessed includes:
- Name
- Address
- Credit Card Number
- Card Expiry Date
Potential Risk Of Credit Card Fraud Remains
While the disclosed information does not provide sufficient details for cybercriminals to execute fraudulent transactions due to the absence of the card verification number (CVV), there remains a potential risk of credit card fraud.
Slim CD said that it has implemented enhanced security measures to avert the occurrence of similar incidents in the future. Concurrently, it urges the recipients of the notice to stay alert for any indications of fraud or identity theft attempts and to promptly report any suspicious activities to their card issuer.
“While it is fortunate that the hackers did not acquire card verification numbers (CVVs) during the breach, cardholders should take proactive measures for their protection,” said Jeremy Greenwood, Global Cybersecurity Account Director, SentryBay. “In the absence of CVV details, cybercriminals may resort to further hacking strategies to facilitate fraudulent transactions using the compromised cards. These additional hacking efforts may comprise of phishing emails or text messages directed at individuals already affected by the data breach. SentryBay stands ready with its Armored Client solution to deliver proven protection for banks and financial companies against data breaches from threat actors.”