Payment-processing company says data breach potentially affected 1.7 million people

Avatar

Slim CD, a company that provides software to merchants for processing electronic payments, said the credit card information of nearly 1.7 million people was exposed to an “unauthorized actor” in mid-June.

The breached data potentially included “name, address, credit card number, and card expiration date,” but there is “no evidence that any such information has been used to commit identity theft or fraud,” the Florida-based company said in a notification letter filed September 6 with regulators.

The company has not released details about the nature of the intrusion or the attackers.

Slim CD’s Gateway product allows merchants in the U.S. and Canada “to take any kind of electronic payment with a single piece of software” that connects to broader processing networks like Visa or Mastercard.

The company said 1,693,000 people were affected by the breach, but did not break down that number by region. 

Slim CD said it took the usual steps of notifying law enforcement, calling in a third-party security specialist and reviewing its policies to help stop a similar incident from happening again.

The company said its own investigation revealed that the intruder had access to company systems as early as August 2023, but the actual data breach did not occur until June 14, 2024, lasting about a day. 

Payment processing has long been a target for cybercriminals, with recent incidents affecting a nationwide system in India, a buy-now, play-later platform and a company that handles services such as prepaid cards and digital banking.Stolen payment card details are often sold in batches on the dark web, resulting in billions of dollars in losses globally for card issuers.

CybercrimeNewsNews Briefs
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 

Total
0
Shares
Previous Post

Japanese media giant investigating another reported data leak by BlackSuit hackers

Next Post

Fortinet says hackers accessed ‘limited’ number of customer files on third-party drive

Related Posts

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and
Avatar
Read More

Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools. The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The
Avatar
Read More