Heimdal
article featured image

Contents:

Payment gateway provider Slim CD data breach compromised the credit card data of 1,693,000 US and Canadian users.

The breach remained undetected for almost a year. Hackers breached Slim CD’s system in August 2023, but the company only detected suspicious activities in June 2024. This gave the threat actors almost one year to expand the attack. However, Slim CD says they only had access to the financial data between June 14th and 15th. The company notified the affected users about their financial data being compromised two and a half months later.

The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024. That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.

Slim CD has been working diligently to provide affected individuals with accurate and complete notice, and on September 6, 2024, Slim CD began sending emails potentially affected individuals.

Source – Slim CD Notice of Data Privacy Event

What information did the Slim CD data breach compromise?

According to the company’s notice, hackers had access to their users’:

  • name
  • address
  • credit card number
  • card expiration date

The attackers can use this type of sensitive information for social engineering, identity theft and fraud.

Slim CD urged its customers to remain vigilant and offered guidance regarding how they can protect their own personal data. In their official Data Breach Notification to the authorities, they said they are not offering any identity theft protection services to the affected users.

slim cd data breach

Source

How to protect financial data from data breaches

According to the 2024 Data Breach Investigation Report, last year the financial industry experienced 3,348 incidents. Security specialists confirmed data disclosure for 1,115 of them.

To prevent falling victim to such an incident, here are 3 security measures you can take to protect financial data from breaches:

Use end-to-end encryption

Sensitive data should be encrypted both at rest, in data bases, and in transit. In case of an intrusion, the attacker will not be able to read or use them.

Enforce a layered defense strategy

Using an antivirus to detect threats based on recognizing already known viruses is not enough anymore. When building your defense, you should consider adding a firewall, DNS filtering, and privileged access management. Layered defense means protecting your assets by adding various security measures. If an attacker succeeds passing one of them, they will be stopped by the other ones.

The best solution is using XDR software, a tool that streamlines security processes and supports compliance efforts.

Heimdal’s XDR platform is one of the most comprehensive and user-friendly XDR options. Unlike most XDR products, it also includes Ransomware Encryption Protection (REP).

heimdal XDR solution (1)

Patch known vulnerabilities timely

All security teams dream of never missing a patch. However, the mission seemed impossible for a long time. Software vendors release thousands of updates every year which makes patching a tiresome and redundant job.

The solution is using automated patch management, to solve patching for different OSs, remotely, in only a few clicks.

Closing vulnerabilities before hackers can exploit them reduces the chances of a data breach.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.

CHECK OUR SUITE OF 11 CYBERSECURITY SOLUTIONS

SEE MORE