- Slim CD breach affected nearly 1.7 million in US, Canada
- Credit card details exposed, fraud risks heightened
- Advice offered: credit monitoring, fraud alerts, security freezes
Almost 1.7 million individuals in the United States and Canada may have compromised their information in a massive credit card database breach.
Slim CD, a Florida-based payment processor, is emailing clients to notify them that their information may have been accessed between August 2023 and June 2024.
The company supplies merchants with software systems that allow them to accept any electronic payment, both online and in-person, using various devices.
Slim CD, which just detected the incident in June of this year, cautioned that ‘identity theft and [financial] fraud’ could be difficult after discovering that people’s names, addresses, credit card numbers, and expiration dates had all been compromised.
While it is uncertain how many of the 1,693,000 consumers were directly affected by the ‘data event,’ 797 Maine residents were identified as most vulnerable, according to Slim CD’s warning notices published Friday.
A representative of the Coral Springs-based payment processor declined to say if the hackers specifically targeted Maine residents or if this area of Slim CD’s database had simply proven to be the most vulnerable.
Although the hackers did not get ‘card verification numbers’ (CVVs) during the hack, cybersecurity experts and Slim CD have advised cardholders to take precautions to safeguard themselves.
Without CVV information, fraudsters must use more sophisticated hacking techniques to conduct fraudulent transactions with these stolen cards.
These follow-up hacking attempts could take the shape of ‘phishing’ emails or text messages to those who have already been affected by the data breach, so those whose credit card information has been stolen should be careful of requests for further private information.
According to security experts, credit card holders who suspect they may have been affected by the incident should call their bank or credit card provider immediately to get a new card.
Potential victims may also want to constantly monitor their financial accounts for fraud symptoms, such as unauthorized transactions or subtle changes to personal account information.
While Slim CD did not indicate how its attackers gained access to its system in its public ‘Data Event’ notice (PDF), ‘experts assume that a mix of phishing, malware, or social engineering approaches may have been deployed,’ according to UK tech site HackRead.
Surprisingly, the payment processor revealed that the hackers appeared to have initially gotten access to their system on August 17, 2023, but only began in mid-June 2024.
According to their research, this ‘unauthorized system access’ was ultimately detected that month when the hackers attempted to access the firm’s credit card database.
‘That access may have enabled an unauthorized actor to see or gain certain credit card information between June 14, 2024, and June 15, 2024,’ Slim CD says.
Under normal circumstances, a company that discovers a data breach will often offer those affected by its own security flaws ‘free access to either the top identity theft protection services or at least credit monitoring,’ VPN privacy tester and security writer Anthony Spadafora observed.
Fortunately, critical executives at Slim CD say they do just that for affected individuals.
We provide credit monitoring to individuals in compliance with state and federal rules,’ Slim CD’s chief technology officer Frank Haggar said in an email.
“Take a step towards financial freedom – claim your free Webull shares now!”
However, according to an advisory warning issued by the Office of the Maine Attorney General, Slim CD does not offer ‘identity theft protection services’ to victims in that northern state at publication.
According to its direct notice to the 800 or so most ‘at-risk’ Mainers whose private credit card information was stolen in the theft, the business is also providing broader advice.
Slim CD stated that it is ‘offering individuals information on how to place a fraud alert and security freeze on one’s credit file, the contact details for the national consumer reporting agencies, and information on how to receive a free credit report.’
The company also encouraged users of its clients’ payment software to “contact the Federal Trade Commission, their state Attorney General, and law enforcement to report attempted or actual identity theft and fraud.”