In May 2025, UK-based dessert restaurant chain Creams Cafe suffered a data breach impacting approximately 159,700 customers. The incident was publicly disclosed on July 23, 2025, and has since been added to breach monitoring databases such as Have I Been Pwned. The breach involved sensitive customer data, posing risks of phishing, fraud, and account compromise.
1. What Happened?
The breach exposed personal data of Creams Cafe customers, reportedly including names, email addresses, phone numbers, and account credentials. The exact attack vector has not been publicly disclosed, but breaches of this nature often result from SQL injection attacks, misconfigured databases, or compromised third-party services. No evidence has been shared indicating that payment card data was included, but affected users should assume their personal details are compromised.
Records Exposed: 159,700 customers.
Breach Date: May 2025.
Disclosure: July 23, 2025.
Data Involved: Names, email addresses, phone numbers, and possibly passwords (hashed or plaintext).
2. Timeline of Events
May 2025: Attackers gained unauthorized access to Creams Cafe’s customer database.
July 23, 2025: Breach publicly disclosed and indexed by Have I Been Pwned.
3. How Should Customers Respond?
Affected customers should take immediate action to secure their online presence:
Reset Passwords: Change your Creams Cafe account password and ensure it’s not reused on other services.
Enable MFA: Turn on multi-factor authentication wherever possible to block unauthorized logins.
Beware of Phishing: Be cautious of emails pretending to be from Creams Cafe or other brands, especially those asking for login or payment information.
Check Exposure: Use Have I Been Pwned to verify whether your email address was part of this breach.
Conclusion
The Creams Cafe data breach affecting 159,700 records underscores how even hospitality and food-service businesses are vulnerable to cyberattacks. While no payment data has been confirmed as stolen, exposed personal information increases risks of phishing and identity abuse. Customers should reset passwords, enable MFA, and remain alert to suspicious messages. For businesses, this incident is another reminder of the importance of database security, patching vulnerabilities, and proactive breach monitoring.