Fee gateway supplier Slim CD has disclosed an information breach that compromised bank card and private information belonging to nearly 1.7 million people.
Within the notification despatched to impacted shoppers, the corporate says that hackers had entry to its community for almost a 12 months, between August 2023 and June 2024.
Slim CD is a supplier of fee processing options that permits companies to entry digital and card funds through web-based terminals, cell, or desktop apps.
The agency first detected suspicious exercise on its programs this 12 months on June 15. Throughout the investigation, the corporate found that hackers had gained entry to its community since August 17, 2023.
“The investigation recognized unauthorized system entry between August 17, 2023, and June 15, 2024,” reads the notification to impacted people.
Nonetheless, Slim CD says that the risk actor seen or obtained entry to bank card info this 12 months for 2 days, between June 14th and fifteenth
“That entry might have enabled an unauthorized actor to view or acquire sure bank card info between June 14, 2024, and June 15, 2024,” Slim CD says within the information breach notification.
The forms of information which will have been accessed by the unauthorized half embody:
- Full title
- Bodily deal with
- Bank card quantity
- Fee card expiration date
Although the uncovered info just isn’t sufficient to permit cybercriminals to carry out fraudulent transactions, because the card verification quantity (CVV) is lacking, a threat of bank card fraud nonetheless exists.
Slim CD says it has taken measures to strengthen its safety to forestall comparable incidents sooner or later.
On the similar time, it advises the discover recipients to stay vigilant for indicators of fraud and id fraud makes an attempt and report suspicious exercise to the cardboard issuer as quickly as doable.
No free-of-charge id theft safety providers had been supplied to the affected people.
Slim CD presents fee processing providers to numerous industries, together with retail, hospitality, and eating places, however people receiving the breach notifications are possible unfamiliar with it as they by no means immediately interacted with the corporate.