Nearly 1.7 million consumers in the US and Canada Their data may have been exposed in a large-scale breach of their credit card database.
Florida-based payment processor Slim CD is sending customers emails saying their data may have been accessed between August 2023 and June 2024.
The company provides software systems to merchants that enable them to accept all types of electronic payments, both online and in person, through various types of hardware.
Slim CD, which only discovered the hack in June of this year, warned that “identity theft and [financial] ‘Fraud’ can be a problem after it is discovered that people’s names, addresses, credit card numbers and credit card expiration dates have been accessed.
Millions of Americans and Canadians may have been victims of a hack after a company that provides software for electronic payments discovered that its database had been accessed
According to Slim CD, the payment processing company notified the 797 Maine residents most at risk from the data breach “on or about September 6, 2024” (see example in photo).
While it is not known how many of the 1,693,000 customers were directly affected by the “data incident,” 797 Maine residents have been confirmed as being at greatest risk, according to warning notices Slim CD issued on Friday.
A representative for the Coral Springs-headquartered payment processor did not disclose whether the hackers specifically targeted Maine residents or whether that part of Slim CD’s database simply proved to be the most vulnerable.
While the hackers thankfully did not obtain any ‘card verification numbers’ (CVVs) in the hack, cybersecurity experts and Slim CD itself warn that cardholders should take steps to protect themselves.
Without CVV information, cybercriminals would be forced to make further hacking attempts to actually conduct fraudulent transactions with the stolen cards.
These follow-up hacking attempts can take the form of ‘phishing’ emails or text messages to those who have already been breached. This means that those whose credit card details have been stolen should be wary of requests for more personal information.
Security experts advise credit card holders who believe they have been a victim of a data breach to immediately contact their bank or credit card company to request a replacement card.
In addition, potential victims may also want to closely monitor their financial accounts for signs of fraud.particularly unauthorized transactions or more subtle changes to personal account information.
Although Slim CD did not specify exactly how the attackers managed to gain access to his system, Public ‘Data Event’ Notification (PDF), ‘experts believe a combination of phishing, malware or social engineering tactics may have been used,’ the British tech website said HackReading.
Shockingly, the payment processor revealed that the hackers first gained access to their system on August 17, 2023, but did not start working until mid-June 2024.
This “unauthorized access to the system,” their investigation found, was finally discovered that month when the hackers attempted to obtain the company’s credit card database.
“That access allowed an unauthorized user to view or obtain certain credit card information between June 14, 2024 and June 15, 2024,” Slim CD said.
Under normal circumstances, a company that discovers a data breach will typically offer those affected by its own security flaws “free access to the best identity theft protection services or at the very least credit monitoring,” according to VPN privacy tester and security author Anthony Spadafora noticed.
Slim CD says its gateway system software is designed to enable merchants to accept any form of electronic payment through a single piece of software from any computer or mobile device
Fortunately, executives at Slim CD tell DailyMail.com that they are doing just that for those affected.
“We provide credit monitoring to individuals in accordance with state and federal laws,” said Frank Haggar, Slim CD’s Chief Technology Officer, via email.
However, as stated in a warning message from Office of the Maine Attorney General — At the time the messages were posted, Slim CD did not offer any “identity theft protection services” to victims in that northeastern state.
According to his direct notification The company is also offering broader guidance to the approximately 800 Maine residents most at risk whose personal credit card information was stolen in the hack.
Slim CD said it ‘providing individuals with information on how to place a fraud alert and a security freeze on their credit file, the contact details of national credit reporting agencies, [and] information on how to get a free credit report.’
The company added that it also “encourages users of its customers’ payment software to contact the Federal Trade Commission, their state attorney general, and law enforcement to report attempted identity theft and fraud.”