Eggfree Cake Box has disclosed a data breach after threat actors hacked their website to stole credit card numbers. Cake Box learned of the breach on April 27th, 2020, when they were contacted by their then-payment processing provider, Global Payments, who warned them that the site was breached. The website was hacked in 2020 to include malicious scripts that stole customer information, including credit cards, submitted to the site. When customers made purchases on the site while it was infected, these malicious scripts sent the first name and surname, email address, postal address and payment card information to a remote server controlled by the attackers.
Source: https://www.bleepingcomputer.com/news/security/eggfree-cake-box-suffer-data-breach-exposing-credit-card-numbers/