Attackers only accessed and exfiltrated during the last two days of the operation.
Information from nearly 1.7 million credit card holders were compromised when payment gateway provider Slim CD discovered a cyber-attack in mid-June.
According to SC US, attackers were able to infiltrate Slim CD's systems between August 17th 2023, to June 15th 2024, with individuals' credit card details only accessed and exfiltrated during the last two days of the operation, the firm said in a website notice and breach notification letters.
It also said that information potentially impacted by this incident include names, addresses, credit card numbers and card expiration dates.
"Slim CD takes the confidentiality, privacy, and security of information in its possession very seriously," its notice said. "Upon discovery of this incident, Slim CD quickly commenced a thorough investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security."
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.
