A new cyber security breach has reportedly targeted credit card users using Slim CD payment gateway services to complete their online transactions. Slim CD is an electronic payment gateway service provider for US and Canada-based merchants.
Slim CD detected malicious activity on their computers on and around 15th June 2024, after which a notice was released to their users. The breach, which successfully skimmed sensitive financial information, is estimated to have impacted millions of users.
The investigation concluded that malicious actors might have had access to the systems between 17th August 2023 and 15th June 2024, which facilitated them to capture or obtain certain credit card information. According to regulators in Maine state, 1,693,000 people were affected in total. The data impacted by the breach reportedly included clients’ names, addresses, credit card numbers, and card expiration dates.
Affected users have been notified by Slim CD and any other user who may have used the gateway services during or close to the mentioned window is advised to follow the below measures to keep their information and accounts safe:
- Contact your bank immediately to replace your breached credit card with a new one.
- Scrutinize your bank statements, credit card transactions, and online account activity to quickly identify anyunauthorized charges.
- Inform your bank regarding any unauthorized transactions.
- Reset the passwords for all accounts associated with the leaked passwords. It is strongly recommended that you select strong, unique passwords that are not reused across multiple platforms. You can use a password generator to create strong passwords.
- Enable multi-factor authentication (MFA) wherever possible. It enhances security by demanding additional verification beyond a password.
- Use password manager software to securely generate and store complex passwords. Password managers mitigate the risk of password reuse across different accounts.
The surge in cyberattacks on payment gateways underscores the need for strong security policy implementation on both the provider and the customer end.
