Uh oh. Any consumer notification template that reports a breach due to malware injection on the web host’s server and/or includes [INSERT SITE NAME HERE] doesn’t bode well, especially when the compromise lasted for more than three months before being detected.
See Cyberswim‘s template notification letter, here (pdf). I don’t see any notification on their web site at this time.
A lookup reveals the site’s host is INETUASN1. Compromised information includes not only payment card information but also username and password to login to the site.
Again, do not re-use login credentials across sites.
Update: Cyberswim’s notification to the New Hampshire Attorney General’s Office can be found here (pdf). The breach affected its cyberswim.com, miraclebody.com, miraclesuit.com, and swimandsweat.com web sites, with 145 NH residents affected.