Hackers breach payment service provider Slim CD; Credit Card Data of 1.7 Million People Exposed

A recent data breach affecting Slim CD, a popular payment gateway provider, has exposed the financial data of over 1.7 million credit card owners.

Slim CD provides payment processing solutions to merchants and businesses, handling millions of transactions daily. Unfortunately, cybercriminals infiltrated their system, compromising payment data, including names, addresses, credit card numbers and card expiration dates.

According to a data breach notice, threat actors had access to its systems between Aug. 17, 2023 and June 15, 2024, and it was only recently detected.

Below is a snippet of the data breach letter sent to impacted individuals

“On or about June 15, 2024, Slim CD became aware of suspicious activity in its computer environment. Upon learning of the activity, Slim CD launched an investigation to determine the full nature and scope of the activity. Slim CD engaged, through counsel, a third-party specialist to investigate the incident.

“The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024. That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024. Slim CD reviewed the accessible credit card information to identify the potentially affected cardholders so that it could notify those individuals.”

Slim CD has since taken several actions to mitigate the effects of the breach, including notifying affected businesses and working with financial institutions to flag compromised accounts.

What Can Customers Do to Stay Safe

Users should take several key steps to mitigate the risk of fraud or identity theft following this breach, including:

• Monitoring credit card statements and reviewing all recent past transactions for unauthorized charges. Report any suspicious activity immediately to your bank or credit card issuer.
• Request a new credit card if your card details were compromised. Most banks and credit card companies offer this service for free in the event of a data breach.
• Activate credit card alerts to help quickly catch any unauthorized activity.
• Enroll in credit monitoring services to track your credit report for unusual activity, such as new accounts opened in your name, and to help you detect identity theft early.
• Regularly review your credit reports from the three major credit bureaus (Equifax, Experian, and TransUnion). You are entitled to one free credit report from each bureau annually at AnnualCreditReport.com.
• Consider placing a credit freeze or fraud alert to prevent creditors from accessing your credit report, making it harder for identity thieves to open accounts in your name.
• Update your passwords. Even if the breach primarily involved payment data, it’s always a good practice to update your online account passwords. Use strong, unique passwords for each account. You can also opt for a password manager to help you securely generate, manage and store them. Enable 2FA and MFA whenever possible.
• Beware of phishing scams. Cybercriminals may try to exploit the situation by sending phishing emails or making scam phone calls to victims. Be cautious of messages claiming to come from Slim CD or your bank, especially if they ask for personal information.

Use Bitdefender  Scamio to detect scams. Scamio is an AI-powered tool that detects scams. Simply describe the phone call or message you received, and Scamio will analyze it for scam indicators. You can also send texts, SMSs, links, images, and QR codes and check them in the same way. Scamio is free and available on Facebook Messenger, WhatsApp, and your web browser. You can also help others stay safe by sharing Scamio with them in France, Germany, Spain, Italy, Romania, Australia and the UK.

• Notify financial institutions of potential fraud. Inform your bank and credit card companies that your payment information may have been compromised.
• Monitor for leaks of personal information on the dark web. Bitdefender Digital Identity Protection monitors your most sensitive data, starting with just an email address and phone number. It automatically finds your private information in online legal and illegal collections of data and even checks if your personal details have been exposed on the dark web.