Electronic payment gateway Slim CD has been hit by a cyber-attack, potentially exposing the credit card details of 1.7 million individuals.
The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024.
A subsequent investigation identified system access between August 17, 2023, and June 15, 2024, which may have enabled an attacker to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.
The data accessed included users’ credit card numbers and card expiration dates, as well as their names and addresses.
According to a data breach notification on the website of the Office of the Maine Attorney General, 1.69 million individuals are affected by the incident.
Slim CD said it began sending emails to potentially affected individuals on September 6 to provide them with “accurate and complete notice.”
Law enforcement and regulatory authorities have been informed of the incident.
The company currently has no evidence that the breached information has been used to commit identity theft or fraud.
However, potentially impacted individuals have been advised to undertake a free credit check and place a “fraud alert” on their credit file.
“Slim CD encourages individuals who may be affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the firm stated.
Payment Card Breaches in the Spotlight
Slim CD’s notification is the latest in a series of breaches involving individuals’ payment card information this year.
In August 2024, Oregon Zoo warned that 117,815 customers may have had their payment card information compromised by cybercriminals after an unauthorized actor redirected customers’ transactions from a third-party vendor who processed online ticket purchases.
Read now: New PCI SSC Head Outlines Evolving Payment Security Amid Standards Upgrade
In the same month, Fota Wildlife Park in Ireland warned customers who carried out financial transactions on its website between 12 May and 27 August to cancel their credit or debit cards after a cyber-attack.
American Express (Amex) told customers in March that their credit card details may have been compromised following a third-party data breach.