Lizzie Clark

Payment Provider Data Breach Exposes Credit Card Information of 1.7 million Customers

In this blog series we spotlight one of the stories from our cybersecurity newsletter, Beacon.

On September 10, 2024, Canadian payment gateway provider Slim CD issued an incident notice to 1.7 million individuals stating that their personal and credit card information had been stolen in a 10-month-long data breach.

The company first detected suspicious activity on its system on June 15, 2024; however, an investigation has revealed the system was first breached on August 16, 2023. This meant hackers had access to Slim CD’s network and infrastructure for almost a year.

While Slim CD insists that cybercriminals had access to credit card numbers for only two days, between June 14 and June 15, 2024, the information accessed includes the full names, credit card expiration dates, and physical addresses of US and Canadian users.

Due to the nature of its business, Slim CD stores credit card information to allow users and businesses to access card payments online. The company has reassured users that it has now taken “steps to implement additional safeguards”, review its policies relating to data security and privacy, and call in a third-party security specialist, and that it has reported the incident to federal law enforcement and regulatory authorities.

The organization has not released information or details about the cybercriminals or about the nature of the attack, but payment processing has long been a target for cybercriminals, with incidents affecting the National Payments Corporation in India, Evolve Bank, and financial services business Paysign.

Slim CD has not offered those affected by the data breach any free-of-charge identity theft protection; instead, the organization has recommended that customers take the necessary steps to protect themselves. This advice includes “remaining vigilant against incidents of identity theft and fraud”, and “monitoring free credit reports for suspicious activity and to detect errors”.

In the past two decades, nearly one-fifth of reported cyber incidents have affected the global financial sector, causing $12 billion in direct losses to financial firms, according to the IMF’s Global Financial Stability Report. Since 2020, direct losses amounted to an estimated $2.5 billion.
