Slim CD, a processing gateway that handles credit card payments for U.S. and Canadian merchants, revealed it was hit by a cyberattack in June. The breach potentially exposed the credit card details of 1.7 million individuals.
Slim CD said that the compromised data included users’ credit card numbers, expiration dates, names, and addresses. The company first became aware of suspicious activity on June 15 and was reportedly able to shut down the breach quickly.
According to the company’s statement, an investigation revealed unauthorized access to its systems from August 17, 2023 to June 15, 2024. This breach may have allowed an unauthorized actor to view or obtain certain credit card information between June 14, 2024 and June 15, 2024.
“It is extremely troublesome that the payment processing giant did not detect the breach for almost a year,” said Jennifer Pitt, Senior Analyst, Fraud and Security at Javelin Strategy & Research. “This breach, along with the many other data breaches reported this year, begs the question of whether companies are doing enough to secure their data and detect intrusions early, before data is compromised. From someone on the outside looking in, it certainly appears that many companies are choosing to skirt robust data security practices in favor of saving money instead.”
Fallout From the Hack
Slim CD supports a wide range of payment processors, including Elavon, Worldpay, and FirstData. While 1.7 million compromised credit cards is a lot, it’s worth noting that there are roughly 500 million credit cards in the United States alone.
Slim CD stated it began sending emails to potentially affected individuals earlier this month to ensure they receive “accurate and complete notice.” In general, unless a company notifies consumers directly, there is no way to know if their credit card data has been exposed.
The company says that it has found no evidence that the breached information has been used for identity theft or fraud.
“Those with their credit card information exposed should not take this as a green light to keep using the same card,” said Pitt. “Criminals may try to use the compromised card right away or they may sell the information to someone who holds onto it long enough to establish a false sense of security for the credit card holder.”
Pitt advised that victims of the breach should cancel the affected card. She also recommends that consumers change any passwords associated with the compromised account, monitor their credit card statements and credit reports, and consider placing a fraud alert on their credit cards and credit profiles.
