Written by 7:19 pm Security News

Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details

Cyber-Attack on Payment Gateway Exposes 1.7 Million Credit Card Details

Electronic payment gateway Slim CD has been hit by a cyber-attack, potentially exposing the credit card details of 1.7 million individuals.

The firm, which handles electronic payments for US and Canadian-based merchants, revealed that it became aware of suspicious activity in its computer environment around June 15, 2024.

A subsequent investigation identified system access between August 17, 2023, and June 15, 2024, which may have enabled an attacker to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.

The data accessed included users’ credit card numbers, card expiration dates, and their names and addresses.

According to a data breach notification on the Office of the Maine Attorney General’s website, 1.69 million individuals were affected by the incident.

Slim CD said it began sending emails to potentially affected individuals on September 6 to provide them with “accurate and complete notice.”

Law enforcement and regulatory authorities have been informed of the incident.

The company has no evidence that the breached information has been used to commit identity theft or fraud.

However, potentially impacted individuals have been advised to undertake a free credit check and place a “fraud alert” on their credit file.

“Slim CD encourages individuals who may be affected to remain vigilant against incidents of identity theft and fraud by reviewing account statements and explanation of benefits, and monitoring free credit reports for suspicious activity and to detect errors,” the firm stated.

Payment Card Breaches in the Spotlight

Slim CD’s notification is the latest in a series of breaches involving individuals’ payment card information this year.

In August 2024, Oregon Zoo warned that 117,815 customers may have had their payment card information compromised by cybercriminals after an unauthorized actor redirected customers’ transactions from a third-party vendor who processed online ticket purchases.

In the same month, Fota Wildlife Park in Ireland warned customers who did financial transactions on its website between 12 May and 27 August to cancel their credit or debit cards after a cyber-attack.

American Express (Amex) told customers in March that their credit card details may have been compromised following a third-party data breach.

Source: https://www.infosecurity-magazine.com/news/cyber-attack-exposes-credit-card/

Latest News:

  • Sellafield Fined for Cybersecurity Failures at Nuclear Site
    Sellafield Ltd. has been fined £332,500 ($437,440) for cybersecurity failures at the Sellafield nuclear facility in Cumbria, North-West England. Westminster Magistrates Court issued the fine following a prosecution brought by the Office for Nuclear Regulation (ONR), the UK’s independent nuclear regulator. Sellafield Ltd has also been ordered to pay prosecution costs of £53,253.20 ($70,060). The offences …
  • Ransomware Attack Forces UMC to Divert Emergency Patients
    The University Medical Center (UMC) Health System in Lubbock, Texas, has confirmed a ransomware attack that disrupted its IT infrastructure last week, forcing the diversion of emergency and non-emergency patients.  UMC, the only level 1 trauma centre within 400 miles, faced significant operational challenges, with phone systems down and the patient portal inaccessible. Despite this, …
  • British Hacker Charged in the US For $3.75m Insider Trading Scheme
    A British hacker accused of orchestrating a $3.75m insider trading scheme has been charged in the US. Robert Westbrook, 39, allegedly gained unauthorized access to corporate executives’ email accounts to profit from confidential financial information. US authorities arrested Westbrook last week in London, and he is awaiting extradition to face multiple charges, including securities fraud …