BIGFISH TECHNOLOGY LIMITED
10 September 2024

Slim CD, a payment gateway provider, has announced a data breach that affected nearly 1.7 million people's credit card and personal information.

According to the letter provided to impacted clients, hackers had access to the company's network for over a year, from August 2023 to June 2024.

Slim CD provides payment processing solutions that allow businesses to accept electronic and card payments using web-based terminals, mobile or desktop apps.

The company first noticed suspicious activity on its network on June 15 this year. During the investigation, it learned that hackers had had access to its network since August 17, 2023.

"The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024," reads the notification to affected persons.

However, Slim CD claims that the threat actor was able to view or obtain credit card information for two days this year, between June 14th and 15th.

"That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024 and June 15, 2024," Slim CD said in the data breach report.

The unauthorized party may have accessed the following data types:

  • Full Name
  • Physical address
  • Credit card number
  • Payment card's expiration date

 

The exposed data does not include the card verification number (CVV), so it is insufficient on its own for cybercriminals to carry out fraudulent transactions, but a risk of credit card fraud remains.

Slim CD says it has strengthened its security to avoid similar problems in the future.

At the same time, it recommends that notification recipients watch for signs of fraud and identity theft attempts, and report any suspicious activity to their card issuer as soon as possible.

The impacted individuals received no free identity theft protection services.

Slim CD provides payment processing services to a variety of businesses, including retail, hospitality, and restaurants, but those getting breach notices are likely unfamiliar with the company because they have never directly interacted with it.

 

Source: Bleeping Computer