The data breach, affecting the UK’s largest cake franchise, exposed online customers’ debit and credit card information, including 3-digit CVV codes, putting them at serious risk of financial fraud.
It’s not yet known how many people have been affected by the Cake Box Data breach, but some customers have already reported fraudulent payments being made using their card details.
Commenting on the data breach, Mark Montaldo, a director who specialises in data breaches at CEL Solicitors, said: “Cake Box customers affected by this data breach must be vigilant.
“The payment information exposed represents a treasure trove for hackers who’ve already made fraudulent payments, costing some customers dearly.
“Unfortunately, affected customers are only just finding out about this now, more than a year later, meaning much of the damage may have already been done.
“However, I’d still advise Cake Box customers to notify their banks, cancel their cards and remain vigilant as it’s not uncommon for scammers to re-target their victims.
“I’d also urge them to check their bank statements and credit records, going back as far as early 2020, to look out for any irregular activity.”
On the 27th April 2020, Cake Box was contacted by Global Payments, their website’s payment processing provider, who informed them of a data breach affecting the security of their website.
It was then discovered that an unauthorised third party had gained access to the site and placed malware on it. Using this malware, the cyber-criminals were able to copy payment information from online purchases.
Following the data breach, Cake Box has since removed the malware, but unfortunately, former customers have been affected, with some reporting that their information has been used to make fraudulent purchases.
The information comprised in the Cake Box data breach included online customers’ personal and financial information including:
If you’ve been affected by the Cake Box Data Breach you should take urgent steps to protect your personal and financial information.