Credit Card Payment Processor Says Hack Affected Nearly 1.7 Million People

Slim CD, a credit card processing service company popular in the United States and Canada, recently revealed that a hack, which took place last year, exposed personal information of almost 1.7 million customers.
“On or about June 15, 2024, Slim CD became aware of suspicious activity in its computer environment,” said a Sept. 6 customer notification letter from the company.
The Florida-based company said unauthorized system access occurred between Aug. 17, 2023, and June 15, 2024.
“That access may have enabled an unauthorized actor to view or obtain certain credit card information,” Slim CD said.
The company said customer names, addresses, credit card numbers, and card expiration dates were potentially accessed by the hacker.
The business estimates that more than 1.69 million customers have been impacted by the breach, according to a filing with the Maine Attorney General’s office. The firm started sending letters to customers from Sept. 6, notifying them about the incident.
“Slim CD encourages individuals who may be affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the company said.
Slim CD provides payment gateway services as well as develops credit card-processing software. The firm has not provided any identity theft protection services to affected customers, the Maine attorney general filing shows.
The company suggested that consumers order a free credit report to monitor their accounts, noting that U.S. law allows for a free report annually from three major credit reporting bureaus: Equifax, Experian, and TransUnion.
Customers also have the right to place a “fraud alert” on a credit file at no cost, which would compel businesses to verify a customer’s identity prior to extending new credit, the firm noted.
An alternative would be to place a “credit freeze” on a credit report, which is “designed to prevent credit, loans, and services from being approved in a consumer’s name without consent,” the company stated.
The stolen information included customers’ names, Social Security numbers, bank account numbers, and contact information.
“Data/database sales and leaks constitute the majority at 62.52 percent. Credit card sales and carding methods follow as the second most common type at 15.1 percent, while initial access sales rank third. This highlights the prevalence of data breaches and financial fraud in the cyber threat landscape,” the report stated.
“The financial institutions most frequently targeted by these cyber attacks are based in the United States, India, the United Kingdom, Russia, China, Spain, Brazil, Indonesia, Canada, and Germany.”
A second-quarter report by cyber threat investigative team Check Point Research found there was a 30 percent increase in global cyber attacks during this period.
Out of the 14 industries tracked by the firm, the finance/banking sector came in at the fourth spot. Seven percent of ransomware attacks analyzed by the firm targeted this sector, with only retail/wholesale, health care, and manufacturing industries above it.
Government agencies are looking into the AI issue. In March, the U.S. Department of Treasury released a report on managing AI-specific cybersecurity threats facing the financial industry.
It revealed there was a widening “capability gap” when it comes to deploying AI-systems between small and large financial institutions.
Large institutions are found to be developing their own AI systems while smaller institutions may not be in a position to do so as they lack internal data resources, the Treasury noted.