Uh oh. Any consumer notification template that reports a breach due to malware injection on the web host’s server and/or includes [INSERT SITE NAME HERE] doesn’t bode well, especially when the compromise lasted for more than three months before being detected.
See Cyberswim‘s template notification letter, here (pdf). I don’t see any notification on their web site at this time.
A lookup reveals the site’s host is INETUASN1. Compromised information includes not only payment card information but also username and password to login to the site.
Again, do not re-use login credentials across sites.
Update: Cyberswim’s notification to the New Hampshire Attorney General’s Office can be found here (pdf). The breach affected its cyberswim.com, miraclebody.com, miraclesuit.com, and swimandsweat.com web sites, with 145 NH residents affected.
It is fraudulant of you people at cyberswim and miraclesuit to send us all a letter after KNOWING YOU WERE BEING HACKED FOR 3 months.
HOW HORRIBLE AND INCONSIDERATE TO DO TO DO YOUR CUSTOMERS.. PAST CUSTOMERS NOW.