Legal help for data breach compensation claims

Cake Box data breach shows anyone is a target

Start Your Claim Today!

Your privacy is extremely important to us. Read how we handle your data in our Privacy Policy

In the summer of 2021, it was reported that a UK-based cake maker and retailer had suffered a hack in which customer information was reportedly compromised. The Cake Box data breach was said to have been discovered in 2020, at which point they alerted the affected customers, but the incident appears to have only come to more mainstream media attention earlier this year.

As a company that could hold significant quantities of customer data, the UK cake store chain may have been seen as a valuable target for the attackers. As with all cyberattacks, the data breach raises questions about the strength of the defences that Cake Box had in place, and whether or not the company did all it could to protect customer data. But it also serves to show that any retailer can be a target, and this is something that all organisations must take heed of. And, given how it happened, it also serves as a reminder as to how retailers can be targeted in various ways.

When a data breach occurs, victims can often feel powerless, but we can assure you that it is possible to take action against those responsible. If your data security has been compromised by a third party, you may be eligible for a compensation claim, and we can offer free, no-obligation advice about your case.

The Cake Box data breach – what happened?

On 27th April 2020, Cake Box reportedly discovered a breach of its systems after the company that provided their payments systems, Global Payments, alerted them to the cyberattack. Following investigations, it was confirmed that a third party had been able to access the website and install malware, via which they were able to reportedly steal information recorded for customer transactions.

The personal information affected in the Cake Box data breach is understood to have included names, email addresses, postal addresses, and payment card details, including the security (CVV) code from the back of customers’ cards. As a result, anyone who made purchases during the period in which the website was still subjected to the virus may have seen unauthorised transactions on their accounts.

Stealing payment data online

The Cake Box data breach is an example of how the infection of an online retailer’s website and payment system can lead to fraud. The incident resembles the Ticketmaster data breach, in which a hacker was able to take advantage of a vulnerability in a chatbot on the company’s payment page to record payment information. We are currently taking on claims for those affected by the Ticketmaster incident.

As in this case, payment systems are being targeted more and more by criminals as they aim to try to sneak in software that can then be used to scrape and steal information. Such software can be hard to identify at first, so it is essential that all retailers are wary of the dangers.

Make your data breach claim

If you have been affected by a retail cyberattack like the Cake Box data breach or a similar incident, you could be eligible to make a compensation claim. Given the growing, developing nature of cybercrime, all online retailers need to be vigilant of hackers, particularly in a world where more and more consumers are turning to online shopping.

In a data breach claim, you could be eligible to specifically recover compensation for any fraud you have suffered. As part of the Special Damages section of your claim, you could be reimbursed for any financial losses caused by the data breach. However, you can also be eligible to just claim for any distress suffered instead if you have not lost any money.

Regardless of how you have been affected, you can come to our leading, specialist team of lawyers for advice on your case, and we may be able to offer you No Win, No Fee representation if you are eligible.

Simply contact us today or register for a call-back to find out more.

IMPORTANT: advice on this page is intended to be up-to-date for the 'first published date'.

Request a call back from our team

Fill out our quick call back form below and we'll contact you when you're ready to talk to us.
All fields marked with an * are required.

Your privacy is extremely important to us. Information on how we handle your data is in our Privacy Policy.
You have the right to object to the processing of your personal data.


Businesses need proper cybersecurity
Data leaked from Kent schools on the dark web