Around 1.7 million people will receive a letter from Florida-based Slim CD, if they haven’t already, after the company detected an intrusion dating back nearly a year.

Slim CD provides payment processing solutions, thus credit card numbers along with their expiry dates are among the data types potentially compromised in the incident.

The cardholder’s name and address may also be affected, meaning potential for financial fraud should that data be sold, although Slim CD says it hasn’t detected any misuse of the data.

[…]

Among the questions we put to the company was why it took so long for the break-in to be detected, and whether it believed there were any failures in its ability to detect such incidents.

A postmortem carried out by the company and third-party experts revealed that the intrusion began on August 17, 2023, but was only discovered “on or about” June 15 this year.

[…]

There was no apology in the letter [PDF] sent to the 1.693 million potentially affected customers, who were instead encouraged to order a free credit report and remain vigilant against any malicious account activity.

Source: 1.7M potentially pwned by payment services provider breach • The Register

Avis Rent A Car System has alerted 299,006 customers across multiple US states that their personal information was stolen in an August data breach.

The digital break-in occurred between August 3 and August 6, according to the car rental giant in filings with the Maine and California attorneys general.

On August 14, Avis determined that sensitive info had been “obtained by the unauthorized third party,” although the sample breach notification letter redacted the specifics, so we can’t say for sure what personal details were stolen.

Avis also cites “insider wrongdoing” under the breach disclosure section in the Maine filing, but doesn’t provide additional details about what happened.

“Since the incident occurred, we have worked with cybersecurity experts to develop a plan to enhance security protections for the impacted business application,” the letter sent to affected consumers says [PDF].

“In addition, we have taken steps to deploy and implement additional safeguards onto our systems, and are actively reviewing our security monitoring and controls to enhance and fortify the same,” it continues.

[…]

According to San Francisco-based law firm Schubert Jonckheer & Kolbe, this information may include customers’ names, addresses, dates of birth, driver’s license numbers, and financial information (including account numbers and credit or debit card numbers).

[…]

Source: Avis alerts 300k car renters that crooks stole their info • The Register