Slim CD Breach: 1.7 Million Customers’ Data Exposed for a Year

Slim CD, a payment processing service provider, has notified its customers of a significant data breach that compromised the personal and financial information of nearly 1.7 million individuals. Hackers had access to the company’s system for almost a year, from August 2023 to June 2024.

Slim CD is an American provider of payment processing solutions, enabling businesses to accept electronic and card payments through web terminals, mobile, and desktop applications. The company noted that suspicious activity within its network was first detected on June 15, 2024. Subsequent investigations revealed that cybercriminals had infiltrated the system as early as August 17, 2023.

In the notice sent to affected clients, Slim CD disclosed that during this period, hackers may have accessed various types of data, including customers’ full names, physical addresses, credit card numbers, and expiration dates. Although the CVV (security code) was not compromised, there remains a risk of fraudulent credit card use.

The company clarified that access to credit card information was possible on two specific days—June 14 and 15, 2024. During this time, hackers may have viewed or copied credit card data; however, Slim CD reassured customers that the absence of the CVV code reduces the likelihood of fraud.

After discovering the breach, Slim CD took steps to bolster the security of its systems to prevent similar incidents in the future. The company also recommended that customers remain vigilant, monitor their bank accounts for any suspicious activity, and promptly report any unauthorized transactions to their bank or card service provider.

Notably, Slim CD did not offer free identity theft protection services to those affected, raising concerns among its clients. Many of those who received the notification may not have even been aware of Slim CD, as the company provides its services through businesses in the retail, hospitality, and restaurant sectors.