Payment gateway data breach affects 1.7 million credit card owners
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals.
In the notification sent to impacted clients, the company says that hackers had access to its network for nearly a year, between August 2023 and June 2024.
Slim CD is a provider of payment processing solutions that enables businesses to access electronic and card payments via web-based terminals, mobile, or desktop apps.
The firm first detected suspicious activity on its systems this year on June 15. During the investigation, the company discovered that hackers had gained access to its network since August 17, 2023.
“The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024,” reads the notification to impacted individuals.
However, Slim CD says that the threat actor viewed or obtained access to credit card information this year for two days, between June 14th and 15th
"That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024,” Slim CD says in the data breach notification.
The types of data that may have been accessed by the unauthorized part include:
- Full name
- Physical address
- Credit card number
- Payment card expiration date
Though the exposed information is not enough to allow cybercriminals to perform fraudulent transactions, since the card verification number (CVV) is missing, a risk of credit card fraud still exists.
Slim CD says it has taken measures to strengthen its security to prevent similar incidents in the future.
At the same time, it advises the notice recipients to remain vigilant for signs of fraud and identity fraud attempts and report suspicious activity to the card issuer as soon as possible.
No free-of-charge identity theft protection services were offered to the affected individuals.
Slim CD offers payment processing services to various industries, including retail, hospitality, and restaurants, but individuals receiving the breach notifications are likely unfamiliar with it as they never directly interacted with the company.
Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks
How to defend against brute force and password spray attacks
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumInsecure JSF ViewState
InformationalStrict-Transport-Security Header on Plain HTTP Response
LowStrict-Transport-Security Multiple Header Entries (Non-compliant with Spec)
InformationalInformation Disclosure - Suspicious Comments in XML via WebSocket
InformationalInformation Disclosure - JWT in Browser sessionStorage
InformationalCORS Header
Free online web security scanner