Cyber Incident Victim: Swiss Cleaners

Swiss Cleaners, a Rockville, Connecticut-based dry cleaning chain operating eight locations, experienced a point-of-sale (POS) system breach affecting payment card data between December 30, 2014, and December 23, 2015. The company became aware of the incident after customers reported unauthorized charges on payment cards recently used at their stores. An investigation revealed that malware had been installed on the company’s payment card server, capturing data from every payment card processed during the 10-month intrusion period. The compromised information included cardholder names, card numbers, expiration dates, and verification codes stored on the magnetic strips of cards swiped at POS terminals across all eight Connecticut locations. This breach exposed all customers who used payment cards at any Swiss Cleaners store during the affected timeframe, though the exact number of impacted individuals was not disclosed.

Upon discovery, Swiss Cleaners removed the malicious code from its server and implemented a stand-alone payment system using dial-up connections at all stores to enhance security, despite acknowledging this method increased transaction processing times. The company engaged a computer security firm to review its payment procedures and collaborated with credit card companies to notify potential victims. Swiss Cleaners publicly stated the breach investigation began immediately after banks identified patterns of fraudulent charges linked to cards used at their stores, emphasizing their commitment to protecting customer relationships and payment card information. No evidence suggested theft of non-payment data or compromise of systems beyond the POS server. The company did not disclose whether law enforcement investigations occurred or if regulatory penalties resulted from the incident.