HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Payment gateway provider breach impacts 1.7 million credit card owners

Written by Abby Grifno | Sep 16, 2024 10:30:00 AM

What happened

Slim CD recently disclosed a data breach that ultimately compromised the credit card and personal data of 1.7 million individuals. 

Slim CD is a Florida-based company providing products that can help stores and merchants process payments without setting up their own credit terminals or shopping carts. As a payment gateway provider, it acts as a middleman between the customer, the business, and their financial institution. Ultimately, it allows companies to accept and process payments and is thus used by online and brick-and-mortar businesses. The company works with merchants in the US and Canada. 

Slim CD recently notified impacted clients that the company recently became aware of suspicious activity on its computer environment. 

Slim CD determined that impacted information may have included names, addresses, credit card numbers, and card expiration dates. 

 

Going deeper

According to the breach notice, Slim CD became aware of suspicious activity around June 15th, 2024. The company immediately launched an investigation and enlisted the help of a third-party specialist. 

The investigation revealed that an unauthorized actor had accessed credit card information between June 14th, 2024, and June 15th, 2024. 

Slim CD began sending notices to impacted clients on September 6th, 2024. The company has also reported the incident to federal law enforcement and regulatory authorities. Currently, Slim CD has not offered any credit monitoring or identity theft protection services. 

 

What was said

In their notice, Slim CD said they takethe confidentiality, privacy, and security of information in its possession very seriously.After learning about the incident, the company said they promptly tooksteps to implement additional safeguards and review our policies and procedures relating to data privacy and security.” 

 

The big picture

Fortunately, each credit card's security code, also known as the CVV, was not revealed. Without this information, malicious actors will have difficulty using the credit cards, but fraud is still possible. 

For Slim CD, the impacts are not yet fully known. The organization will likely face increased scrutiny and potential class action lawsuits. For their clients, who are business owners, the breach could have a trick-down effect, potentially impacting their economic well-being. 

While nearly every business uses payment gateway providers, merchants have the option to choose from a variety of companies and will likely work with those with time-tested security measures. 

With data breaches increasing at alarming rates, organizations should think about the financial and reputational impacts a breach can have. 

Related: HIPAA Compliant Email: The Definitive Guide