Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Egg Free Cake Box Suffer Data Breach Exposing Credit Card Numbers

Egg Free Cake Box Suffer Data Breach Exposing Credit Card Numbers

Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers.

Cake Box is a UK chain of stores selling fresh cream celebration cakes made without eggs. There are currently 164 Cake Box stores located throughout the United Kingdom.

In emails sent to customers this week, Cake Box disclosed that their website was hacked in 2020 to include malicious scripts that stole customer information, including credit cards, submitted to the site.

Part of the Cake Box data breach notification
Part of the Cake Box data breach notification
Source: Twitter

Cake Box learned of the breach on April 27th, 2020, when they were contacted by their then-payment processing provider, Global Payments, who warned them that the site was breached.

“We immediately launched a thorough investigation of our systems in response and, with the help of experienced third-party security specialists, determined that an unauthorised third party had indeed recently gained access to the Cake Box website and placed certain malware on it”, disclosed Cake Box in a data breach notification sent to customers.

“Using this malware, the third party was able to copy certain information provided by our customers when making purchases from our website. We were then subsequently made aware that, in certain instances, this information has been used to make fraudulent purchases.”

When customers made purchases on the site while it was infected, these malicious scripts sent the first name and surname, email address, postal address, and payment card information, including the three-digit CVV code, to a remote server controlled by the attackers.

Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues

Likely a MageCart attack

Based on the description, this breach appears to be a MageCart attack.

MageCart attacks are when threat actors hack an eCommerce site and add malicious scripts to their payment confirmation pages.

These scripts will monitor checkout pages, and if credit card information is submitted on the page, transmit the data to a remote site under the attacker’s control.

The attackers can then log in to their servers and retrieve the stolen credit card information to sell on the dark web or perform fraudulent transactions.

Also Read: PDPA Compliance Singapore: 10 Areas To Work On

If you are a Cake Box customer and have received notifications about the data breach, you should analyze your current and past transactions and make sure no fraudulent charges are present.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us