Payment gateway provider Slim CD is notifying roughly 1.7 million individuals that their personal and credit card information was stolen in a ten-month-long data breach.
The incident was discovered on June 15, 2024, but the attackers had access to Slim CD’s systems since August 17, 2023, the company says in an incident notice (PDF).
“That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024,” Slim CD explains.
After reviewing the potentially accessed information, the company determined that names, addresses, and credit card numbers and expiration dates were likely compromised.
The payment provider has started notifying the potentially affected individuals via email, and notified law enforcement and regulatory authorities of the incident.
On September 6, Slim CD notified the Maine Attorney General’s Office that 1,693,000 people were likely impacted by the data breach.
The company is not offering identity theft protection services to the affected individuals, but encourages them to remain vigilant against identity theft and fraud attempts.
“Upon discovery of this incident, we quickly commenced a thorough investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security,” the company notes.
Slim CD handles electronic payments, such as credit card payments, for merchants in the US and Canada, but it is unclear whether the data breach has affected individuals in both countries.
SecurityWeek has emailed Slim CD for additional information on the data breach and will update this article as soon as a reply arrives.
Related: Avis Data Breach Impacts 300,000 Car Rental Customers
Related: 950,000 Impacted by Young Consulting Data Breach
Related: UK Minister Sorry Over Afghan Interpreters’ Data Breach
Related: Data Breach at St. Louis Health Center Impacts up to 152,000