Data leak
Slim CD Payment Gateway Breach
Primary Source βIncident Details
Payment gateway provider Slim CD disclosed that attackers had access to its systems from 17 August 2023, with credit card data specifically accessed 14-15 June 2024 before discovery on 15 June 2024. Approximately 1.7 million individuals’ names, addresses, credit card numbers, and expiration dates were exposed (CVVs not compromised). Slim CD processes payments for US and Canadian merchants. Customers were not directly notified until September 2024.
Technical Details
- Initial Attack Vector
- Unauthorized access to payment gateway systems; attackers maintained persistent access from August 2023 through June 2024 before exfiltrating credit card data in a final two-day window
- Vendor / Product
- Slim CD (payment gateway)
Timeline
- 2023-08-17 Breach occurred
- 2024-09-06 Publicly disclosed
- 2024-09-06 Customers notified