Electronic payment gateway Slim CD has been hit by a cyber-attack, potentially exposing the credit card details of 1.7 million individuals.
The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024.
A subsequent investigation identified system access between August 17, 2023, and June 15, 2024, which may have enabled an attacker to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.
The data accessed included users’ credit card numbers, card expiration dates, and their names and addresses.
According to a data breach notification on the Office of the Maine Attorney General’s website, 1.69 million individuals were affected by the incident.
Slim CD said it began sending emails to potentially affected individuals on September 6 to provide them with “accurate and complete notice.”
Law enforcement and regulatory authorities have been informed of the incident.
The company has no evidence that the breached information has been used to commit identity theft or fraud.
However, potentially impacted individuals have been advised to undertake a free credit check and place a “fraud alert” on their credit file.
“Slim CD encourages individuals who may be affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the firm stated.
Payment Card Breaches in the Spotlight
Slim CD’s notification is the latest in a series of breaches involving individuals’ payment card information this year.
In August 2024, Oregon Zoo warned that 117,815 customers may have had their payment card information compromised by cybercriminals after an unauthorized actor redirected customers’ transactions from a third-party vendor who processed online ticket purchases.
In the same month, Fota Wildlife Park in Ireland warned customers who did financial transactions on its website between 12 May and 27 August to cancel their credit or debit cards after a cyber-attack.
American Express (Amex) told customers in March that their credit card details may have been compromised following a third-party data breach.
Source: https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/
Latest News:
- #CyberMonth: Software Updates, A Double-Edged Sword for Cybersecurity Professionals
Software updates are critical in protecting systems from cyber threats and providing new and improved functionality to software products. They are necessary to patch vulnerabilities that can be exploited by malicious actors, ensuring that systems remain secure. Software updates are one of the four pillars of the 2024 International Cybersecurity Awareness Month campaign. As part … - Universal Music Group Admits Data Breach
Universal Music Group (UMG), one of the world’s largest music corporations, disclosed a data breach in mid-July 2024. According to a filing with the Maine Attorney General’s Office, the breach may have exposed the personal information of 680 US residents. In the filing, UMG said it detected unauthorized activity in one of its internal applications on July 15, … - Sellafield Fined for Cybersecurity Failures at Nuclear Site
Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences …
