Payment-processing company says data breach potentially affected 1.7 million people

Avatar

Slim CD, a company that provides software to merchants for processing electronic payments, said the credit card information of nearly 1.7 million people was exposed to an “unauthorized actor” in mid-June.

The breached data potentially included “name, address, credit card number, and card expiration date,” but there is “no evidence that any such information has been used to commit identity theft or fraud,” the Florida-based company said in a notification letter filed September 6 with regulators.

The company has not released details about the nature of the intrusion or the attackers.

Slim CD’s Gateway product allows merchants in the U.S. and Canada “to take any kind of electronic payment with a single piece of software” that connects to broader processing networks like Visa or Mastercard.

The company said 1,693,000 people were affected by the breach, but did not break down that number by region. 

Slim CD said it took the usual steps of notifying law enforcement, calling in a third-party security specialist and reviewing its policies to help stop a similar incident from happening again.

The company said its own investigation revealed that the intruder had access to company systems as early as August 2023, but the actual data breach did not occur until June 14, 2024, lasting about a day. 

Payment processing has long been a target for cybercriminals, with recent incidents affecting a nationwide system in India, a buy-now, play-later platform and a company that handles services such as prepaid cards and digital banking.Stolen payment card details are often sold in batches on the dark web, resulting in billions of dollars in losses globally for card issuers.

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 

Total
0
Shares
Previous Post

Japanese media giant investigating another reported data leak by BlackSuit hackers

Next Post

Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive

Related Posts

Critical WordPress Anti-Spam Plugin Flaws Expose 200,000+ Sites to Remote Attacks

Two critical security flaws impacting the Spam protection, Anti-Spam, and FireWall plugin WordPress could allow an unauthenticated attacker to install and enable malicious plugins on susceptible sites and potentially achieve remote code execution. The vulnerabilities, tracked as CVE-2024-10542 and CVE-2024-10781, carry a CVSS score of 9.8 out of a maximum of 10.0. They were addressed in versions
Avatar
Read More