U.S. payment gateway provider Slim CD had information from nearly 1.7 million credit card holders compromised following a cyberattack discovered in mid-June, according to SC Media.
Attackers were able to infiltrate Slim CD's systems from Aug. 17, 2023, to June 15, 2024, with individuals' credit card details only accessed and exfiltrated during the last two days of the operation, said the firm in a website notice and breach notification letters issued to California, Maine, and Vermont regulators. Additional details regarding the incident have not been provided but such an extended breach duration was noted by KnowBe4 security awareness advocate James McQuiggan to indicate continuous security monitoring lapses that could have been addressed with a threat intelligence-focused security incident management system.
"Organizations must ensure that protection their intellectual property or customer data is the highest level, and using the highest level of security will significantly reduce the risk of an attack... Organizations with sensitive data must employ proactive, layered security measures, combining technology solutions with user education and fast incident response practices to stand up against cyber threats," said McQuiggan.