Contents:
Payment gateway provider Slim CD data breach compromised the credit card data of 1,693,000 US and Canadian users.
The breach remained undetected for almost a year. Hackers breached Slim CD’s system in August 2023, but the company only detected suspicious activities in June 2024. This gave the threat actors almost one year to expand the attack. However, Slim CD says they only had access to the financial data between June 14th and 15th. The company notified the affected users about their financial data being compromised two and a half months later.
The investigation identified unauthorized system access between August 17, 2023, and June 15, 2024. That access may have enabled an unauthorized actor to view or obtain certain credit card information between June 14, 2024, and June 15, 2024.
Slim CD has been working diligently to provide affected individuals with accurate and complete notice, and on September 6, 2024, Slim CD began sending emails potentially affected individuals.
Source – Slim CD Notice of Data Privacy Event
What information did the Slim CD data breach compromise?
According to the company’s notice, hackers had access to their users’:
- name
- address
- credit card number
- card expiration date
The attackers can use this type of sensitive information for social engineering, identity theft and fraud.
Slim CD urged its customers to remain vigilant and offered guidance regarding how they can protect their own personal data. In their official Data Breach Notification to the authorities, they said they are not offering any identity theft protection services to the affected users.
How to protect financial data from data breaches
According to the 2024 Data Breach Investigation Report, last year the financial industry experienced 3,348 incidents. Security specialists confirmed data disclosure for 1,115 of them.
To prevent falling victim to such an incident, here are 3 security measures you can take to protect financial data from breaches:
Use end-to-end encryption
Sensitive data should be encrypted both at rest, in data bases, and in transit. In case of an intrusion, the attacker will not be able to read or use them.
Enforce a layered defense strategy
Using an antivirus to detect threats based on recognizing already known viruses is not enough anymore. When building your defense, you should consider adding a firewall, DNS filtering, and privileged access management. Layered defense means protecting your assets by adding various security measures. If an attacker succeeds passing one of them, they will be stopped by the other ones.
The best solution is using XDR software, a tool that streamlines security processes and supports compliance efforts.
Heimdal’s XDR platform is one of the most comprehensive and user-friendly XDR options. Unlike most XDR products, it also includes Ransomware Encryption Protection (REP).
Patch known vulnerabilities timely
All security teams dream of never missing a patch. However, the mission seemed impossible for a long time. Software vendors release thousands of updates every year which makes patching a tiresome and redundant job.
The solution is using automated patch management, to solve patching for different OSs, remotely, in only a few clicks.
Closing vulnerabilities before hackers can exploit them reduces the chances of a data breach.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and Youtube, for more cybersecurity news and topics.