14 DAY TRIAL // A security breach incident has been acknowledged by Cyberswim Inc. to have started on May 12 this year and persisted until August 28, allowing attackers to exfiltrate sensitive customer information for more than three months.
It appears that the attackers hit the server hosting the company’s website and had access to data required from customers for completing a purchase.
In a letter to the affected customers, the company explains that following an investigation that ended on September 24, it has been determined that the intruder managed to access personal client data; this consisted of names, email addresses, credentials for the website, card account number, expiration date and security code.
Among the measures taken by Cyberswim after learning of the compromise was to issue a password reset command so that the intruders cannot log in using the stolen credentials. The company also updated the website code so that it does not fall victim to similar attacks in the future.
It is strongly recommended that unique passwords are used for online services; thus, should such an incident occur, the attackers are not able to access information from other services using the countersign from another.
Protecting against fraud and identity theft falls into the hands of the user, who has to keep a close eye on the bank statement in order to catch malicious activities in the shortest time possible.
If there is suspicion of fraudulent activity, the bank that issued the card should be contacted as soon as possible.