Cake Box, which makes egg-free celebration cakes, is currently writing to its customers to warn them of a serious data breach, in which their payment information was compromised, in April last year.
The data breach, affecting the UK’s largest cake franchise, exposed online customers’ debit and credit card information, including 3-digit CVV codes, putting them at serious risk of financial fraud.
It’s not yet known how many people have been affected by the Cake Box Data breach, but some customers have already reported fraudulent payments being made using their card details.
Commenting on the data breach, Mark Montaldo, a director who specialises in data breaches at CEL Solicitors, said: “Cake Box customers affected by this data breach must be vigilant.
“The payment information exposed represents a treasure trove for hackers who’ve already made fraudulent payments, costing some customers dearly.
“Unfortunately, affected customers are only just finding out about this now, more than a year later, meaning much of the damage may have already been done.
“However, I’d still advise Cake Box customers to notify their banks, cancel their cards and remain vigilant as it’s not uncommon for scammers to re-target their victims.
“I’d also urge them to check their bank statements and credit records, going back as far as early 2020, to look out for any irregular activity.”
What was the Cake Box Data Breach?
On the 27th April 2020, Cake Box was contacted by Global Payments, their website’s payment processing provider, who informed them of a data breach affecting the security of their website.
It was then discovered that an unauthorised third party had gained access to the site and placed malware on it. Using this malware, the cyber-criminals were able to copy payment information from online purchases.
Following the data breach, Cake Box has since removed the malware, but unfortunately, former customers have been affected, with some reporting that their information has been used to make fraudulent purchases.
What information was compromised in the Cake Box Data Breach?
The information comprised in the Cake Box data breach included online customers’ personal and financial information including:
- First name and surname
- Email address
- Postal address
- Payment card information, including the 3-digit CVV code.
What should I do if I’ve been affected by the Cake Box data breach?
If you’ve been affected by the Cake Box Data Breach you should take urgent steps to protect your personal and financial information.
- You should notify your bank that your debit and / or credit card information may have been compromised and arrange replacement cards immediately.
- You should also check your bank and credit card statements, going back as far as March 2020, for any unusual activity
- If you don’t already have one, set up and check your credit file for any accounts or credit searches that you don’t recognise
- Finally, beware of any phishing emails or phone calls asking you to enter login credentials, provide financial information or give up any further personal data