Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M individuals

Payment gateway provider Slim CD disclosed a data breach, credit card and personal data of almost 1.7 million individuals were compromised.

The electronic payment gateway Slim CD disclosed a data breach following a cyberattack. Personal data and credit card details of 1,693,000 individuals were compromised.

Slim CD’s gateway system allows merchants to accept any kind of electronic payment with a single piece of software. The company processes payments for merchants in the US and Canada.

According to the data breach notification sent to the impacted individuals, threat actors had access to its systems between August 17, 2023, and June 15, 2024.

The company notified federal law enforcement regarding the event and launched an investigation into the incident with the help of a third-party specialist.

“On or about June 15, 2024, Slim CD became aware of suspicious activity in its computer environment. Upon learning of the activity, Slim CD launched an investigation to determine the full nature and scope of the activity.” reads the data breach notification. The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024. That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024. Slim CD subsequently conducted a comprehensive review of the accessible credit card information to identify the potentially affected cardholders, and this review recently concluded.”

The data breach potentially compromised names, addresses, credit card numbers, and card expiration dates.

The investigation revealed that the threat actors had access to credit card information only between June 14th and 15th. Card verification numbers (CVV) were not exposed, however, threat actors can obtain them from cardholders through social engineering attacks.

Impacted individuals are recommended to remain vigilant for fraudulent attempts and report any suspicious activity to the card issuer.

“Additionally, Slim CD is providing impacted individuals with guidance on how to better protect against identity theft and fraud, including advising individuals to report any suspected incidents of identity theft or fraud to their credit card company and/or bank.” concludes the notification. “Slim CD is providing individuals with information on how to place a fraud alert and security freeze on one’s credit file, the contact details for the national consumer reporting agencies, information on how to obtain a free credit report, a reminder to remain vigilant for incidents of fraud and identity theft by reviewing account statements and monitoring free credit reports, and encouragement to contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.”

The electronic payment gateway did not offer identity theft protection services to the impacted individuals.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)