Payment processor Slim CD, based in Florida, is currently under investigation for a significant data breach that exposed the credit card information of nearly 1.7 million customers. The breach, which took place between August 2023 and June 2024, compromised customer names, addresses, credit card numbers, and expiration dates.

The breach was first identified on June 15, 2024, when Slim CD detected suspicious activity within their systems. According to a notice issued by the company, an unauthorized party gained access to its computer environment from August 17, 2023. This access allowed these threat actors to access customer credit card information between June 14, 2024, and June 15, 2024. This means that the cybercriminals had access to Slim CD’s environment for over a year.

In its “Notice of Data Privacy Event,” Slim CD said that upon learning of the breach, it “quickly commenced a thorough investigation and took steps to implement additional safeguards and review our policies and procedures relating to data privacy and security.” However, it only notified the public on September 6, nearly three months after learning of the breach.

It’s currently unclear how the breach occurred or who is in possession of the stolen data. No one has yet come forward to claim responsibility or sell the data. However, the company has reported the incident to federal law enforcement and regulatory authorities.

Affected individuals have been advised to remain vigilant by monitoring their financial statements and credit reports for any signs of fraud or identity theft. Slim CD recommends that consumers consider placing fraud alerts or credit freezes on their credit file.

This is not the first major breach of 2024 that exposed consumers’ credit card details. Cybersecurity researcher, Jeremiah Fowler, reported a leaked database containing partial credit card information of 38.6 million Rapid Legal users.