Slim CD, a payment gateway provider, has disclosed a major data breach that compromised the credit card and personal information of nearly 1.7 million individuals. The breach, which allowed hackers to roam freely within the company’s network for almost a year, occurred between August 2023 and June 2024.
What Happened?
Slim CD, known for its payment processing solutions that enable businesses to accept electronic and card payments through web terminals, mobile devices, and desktop apps, detected suspicious activity on its systems on June 15, 2024. What they uncovered was alarming: unauthorized access to their network dated back to August 17, 2023.
For nearly a year, hackers had access to Slim CD's systems, but it wasn’t until June 14th and 15th, 2024, that they gained access to sensitive credit card information.
What Information Was Compromised?
According to the breach notification sent to impacted individuals, the hackers may have viewed or obtained the following information:
Full names
Physical addresses
Credit card numbers
Payment card expiration dates
Although the card verification value (CVV) wasn't accessed, the exposed information is still enough to create a potential risk of credit card fraud.
A Year-Long Breach, But Only Two Days of Critical Access
While hackers had access to Slim CD's systems for nearly a year, the company clarified that credit card data was only at risk for two days—between June 14 and June 15, 2024. "That access may have enabled an unauthorized actor to view or obtain certain credit card information during that brief period," Slim CD explained in its breach notification.
How Did This Happen?
The investigation into the breach revealed that Slim CD's systems had been vulnerable since August 17, 2023. While details on how the hackers infiltrated the network remain unclear, Slim CD has since taken steps to strengthen its security infrastructure to prevent future incidents.
What Should Affected Individuals Do?
Although Slim CD did not offer free identity theft protection services, they encouraged all affected individuals to stay vigilant. The company advised those impacted by the breach to monitor their financial accounts for any suspicious activity and to report potential fraud to their card issuers immediately.
Why You Might Have Never Heard of Slim CD
Many people who received the breach notification may be wondering, "Who is Slim CD?" Despite the breach impacting millions, most individuals likely never interacted with the company directly. Slim CD serves as a behind-the-scenes payment processor for various industries, including retail, hospitality, and restaurants, meaning the compromised data may have been collected by businesses that use Slim CD’s services without the consumer's direct knowledge.
What’s Next?
As cyberattacks on financial institutions and payment processors become increasingly common, the Slim CD breach serves as a reminder of the importance of robust cybersecurity. For Slim CD, the focus now shifts to preventing future incidents and regaining the trust of the businesses and customers impacted by this breach. Meanwhile, affected individuals are left to monitor their financial accounts, aware of the ongoing risks posed by exposed personal and payment data.
Though Slim CD claims the information accessed is not enough to enable full-on fraudulent transactions without the CVV, the data exposed could still be used in malicious ways. Now, more than ever, vigilance is key.