Cyber Incident Victim: Cyberswim, Inc.
Date: Sep 2014
Location: United States of America
Summary
Cyberswim experienced a security breach where attackers installed malicious software on its website server, potentially compromising customer information including names, addresses, account credentials, and full payment card details such as numbers, expiration dates, and security codes. The company responded by implementing enhanced security measures, resetting user passwords, updating website code, improving malware detection systems, and notifying affected individuals who made purchases during the compromised period.
Description
On September 24, 2014, Cyberswim, Inc. confirmed that malicious software had been installed on the computer server hosting its website, potentially compromising customer data. The unauthorized installation occurred between May 12 and August 28, 2014, affecting visitors who made purchases during this three-and-a-half-month window. Attackers gained access to names, physical addresses, website usernames and passwords, payment card account numbers, card expiration dates, and payment card security codes through this malware infection. The breach exposed multiple sensitive data elements simultaneously, creating risks for both financial fraud and credential reuse across other platforms. Cyberswim did not publicly disclose the total number of affected individuals or whether the malware specifically targeted cardholder data flows versus broader system access.

In response to the incident, Cyberswim initiated corrective measures including a forced password reset process for impacted accounts and updated the website's underlying code to prevent similar compromises. The company enhanced its malicious software detection systems and formally notified all affected customers by October 14, 2014, as documented in California Attorney General records. No evidence suggested continued unauthorized access beyond August 28, indicating containment efforts succeeded in halting active data exfiltration. The breach directly jeopardized payment card security due to the capture of CVV codes and expiration dates—elements typically restricted under Payment Card Industry standards for merchant storage. Financial institutions and customers faced heightened fraud monitoring requirements following the exposure of this comprehensive payment data alongside personally identifiable information.
