Massive data breach exposes credit card details of 1.7 million users — here’s what you should do

The cyberattack on payment gateway provider Slim CD lasted for over a year.

UPDATED 5 DAYS AGO

Credit card data of nearly 1.7 million US and Canadian citizens was potentially stolen in a massive breach. Florida-based payment gateway provider Slim CD recently notified its customers about a year-long cyberattack. As per the official notification, hackers had access to the credit card information of Slim CB clients from August 2023 till June 2024, and the breach was only detected in September this year, Bleeping Computer reported.

Payment gateway data breach affects 1.7 million credit card owners - @billtoulas https://t.co/BxtqJiJzc0 https://t.co/BxtqJiJzc0
— BleepingComputer (@BleepinComputer) September 9, 2024

A year-long attack

Slim CD provides software systems to merchants to facilitate electronic payment both online and in-person, across a variety of hardware. In June, the company first discovered that hackers had gained unauthorized access to its systems.

Representative image | Freepik | Image by jcomp

Upon conducting an internal investigation, the company found that the infiltrators first breached the security systems all the way back on August 17, 2023. However, the company clarified that the hackers could only view or steal the credit card data of its clients for two days that is from June 14 to June 15, when it discovered the breach.

Scale of the data breach

According to Bleeping Computer, data of 1.7 million people was compromised. As per the official notification, the types of data that may have been accessed include:

Full name of users

Physical address

Credit card numbers

Payment card expiration dates

However, the company argued that the stolen data wasn't enough for hackers to commit fraud as the card verification numbers or CVVs weren't stolen. Without the CVV information, hackers can't make any transactions on the credit cards. Despite this, there is still some risk of cardholders falling prey to identity theft and other fraud.

Here's what to do to be safe

Slim CD stated that it has taken measures to strengthen its security to prevent breaches s in the future. The company said it had also notified federal law enforcement regarding the event.

Apart from conducting a review of its existing policies and procedures for data protection, Slim CD is providing impacted individuals with guidance on how to better protect against identity theft and fraud.

Users are thus advised to:

Immediately change passwords or usernames (if possible) of their online banking accounts.

Place a fraud alert on their credit card. Users can contact any of the three national credit bureaus, Equifax, Experian, or TransUnion, and request to place a fraud alert on their card.

Initiate a credit freeze which will prevent credit, loans, and services from being approved in a consumer’s name without their consent. This can also be done by contacting any of the credit bureaus via phone or email.

Review credit reports and statements regularly. Users can visit AnnualCreditReport.com. to order a report or reach out to any of the credit bureaus.

Tom's Guide further suggests that users can dump their cards and get a new credit card issued from the bank to bolster security.

In case users suspect that their identity has been stolen or any fraud has occurred, they should immediately notify their bank and report to the Federal Trade Commission.

Normally when such large-scale data breach occurs, companies provide free-of-cost identity theft protection. However, in this case, Slim CD is not providing any such remedy. Thus, users are on their own to protect themselves.