On July 25, 2025, Hello Cake, a sexual wellness company, suffered a data breach due to a misconfigured cloud storage file during a platform migration. An unauthorized third party (threat actor '888') accessed and copied a file containing sensitive customer PII and PHI, including full names, dates of birth, email addresses, phone numbers, prescription details (medication names, identifiers, expiration dates), shipping addresses, order/transaction IDs, and financial discount information. The breach was isolated to a single file tied to telehealth prescription services (partnered with M&D Integrations Inc.) and did not affect other systems.The stolen data was posted on the open web on July 21, 2025, exposing customers to risks of identity theft, fraud, and PHI misuse, though no direct financial data (e.g., credit cards) was compromised. Hello Cake secured the file, conducted an internal investigation, engaged cybersecurity experts, and reported the incident to the California Attorney General on September 19, 2025. Affected individuals were advised to monitor credit reports, place fraud alerts, and use a dedicated support line for assistance. While financial fraud risk is low, the exposure of prescription-related PHI and PII poses significant privacy and reputational consequences.
Source: https://www.claimdepot.com/data-breach/hello-cake-2025
TPRM report: https://www.rankiteo.com/company/hello-cake
"id": "hel0202202092225",
"linkid": "hello-cake",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Users of telehealth '
'prescription services (exact '
'number unspecified)',
'industry': 'Sexual Wellness / Telehealth',
'location': 'North Hollywood, California, USA',
'name': 'Hello Cake',
'type': 'Private Company'},
{'customers_affected': 'None (MDI systems not affected)',
'industry': 'Healthcare/Telehealth',
'name': 'M&D Integrations Inc. (MDI)',
'type': 'Partner Organization'}],
'attack_vector': 'Misconfigured cloud storage access (direct file path '
'exposure)',
'customer_advisories': ['Dedicated phone line (866-291-1599) for assistance',
'Instructions for reviewing account statements and '
'reporting suspicious activity'],
'data_breach': {'data_exfiltration': True,
'file_types_exposed': ['Single file (format unspecified)'],
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes health and '
'prescription details)',
'type_of_data_compromised': ['PII',
'PHI',
'Prescription Data',
'Order Information']},
'date_detected': '2025-07-25',
'date_publicly_disclosed': '2025-09-19',
'description': 'On July 25, 2025, Hello Cake, a sexual wellness company based '
'in North Hollywood, Calif., experienced a significant data '
'breach involving sensitive customer information. The breach '
'stemmed from a misconfigured access setting on a single file '
'stored in a cloud-based system during a routine platform '
'migration. An unauthorized third party accessed and copied '
'the file, which contained personally identifiable information '
'(PII) and protected health information (PHI). The threat '
"actor '888' claimed responsibility, posting stolen data "
'samples on the open web on July 21, 2025. The incident was '
'isolated to Hello Cake’s telehealth prescription services, '
'provided in partnership with M&D Integrations Inc. (MDI), and '
'did not affect MDI’s systems or other Hello Cake files.',
'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
'exposure of sensitive PII/PHI in '
'sexual wellness context',
'data_compromised': ['Full names',
'Dates of birth',
'Email addresses',
'Phone numbers',
'Order IDs',
'Transaction IDs',
'Shipping addresses',
'Prescribed medication names',
'Prescription identifiers',
'Prescription expiration dates',
'Prescription refills',
'Prices',
'Order statuses',
'Shipping dates',
'Discount and coupon information',
'Order-related data'],
'identity_theft_risk': 'High (PII/PHI exposed)',
'legal_liabilities': 'Reported to California Attorney General; '
'potential regulatory scrutiny under HIPAA or '
'state data protection laws',
'operational_impact': 'Limited to telehealth prescription '
'services; no disruption to MDI or other '
'Hello Cake systems',
'payment_information_risk': 'None (no financial data involved)',
'systems_affected': ['Cloud storage platform (single file)']},
'initial_access_broker': {'entry_point': 'Misconfigured cloud storage file '
'(direct path access)',
'high_value_targets': ['Prescription-related '
'PII/PHI']},
'investigation_status': 'Completed (internal investigation finalized '
'2025-08-22)',
'lessons_learned': ['Critical importance of access controls during cloud '
'migrations',
'Need for routine audits of file-level permissions in '
'cloud storage',
'Value of third-party cybersecurity expertise in incident '
'response'],
'post_incident_analysis': {'corrective_actions': ['Removed exposed file and '
'corrected settings',
'Implemented additional '
'cloud storage safeguards',
'Enhanced incident response '
'protocols'],
'root_causes': ['Misconfigured access controls '
'during platform migration',
'Lack of validation for file-level '
'permissions in cloud storage']},
'recommendations': ['Regular security audits for cloud storage configurations',
'Implementation of least-privilege access principles',
'Enhanced monitoring for unusual access patterns to '
'sensitive files',
'Proactive customer communication and support for '
'identity theft prevention'],
'references': [{'source': 'Hello Cake Official Data Breach Notice'},
{'date_accessed': '2025-09-19',
'source': 'California Attorney General Breach Report'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA (PHI '
'exposure)',
'California Consumer '
'Privacy Act (CCPA)'],
'regulatory_notifications': ['California Attorney '
'General (reported '
'2025-09-19)']},
'response': {'communication_strategy': ['Official data breach notice posted '
'on Hello Cake website',
'Direct guidance to affected '
'individuals (credit monitoring, '
'fraud alerts, credit freezes)',
'Dedicated phone support for '
'inquiries'],
'containment_measures': ['Removed the exposed file from the '
'system',
'Corrected cloud storage security '
'settings'],
'incident_response_plan_activated': True,
'remediation_measures': ['Implemented additional safeguards for '
'cloud storage',
'Established dedicated incident '
'response phone line (866-291-1599)'],
'third_party_assistance': ['Cybersecurity experts (unnamed)']},
'stakeholder_advisories': ['Customers advised to monitor credit reports and '
'place fraud alerts',
'Guidance provided for credit freezes and identity '
'theft prevention'],
'threat_actor': '888',
'title': 'Hello Cake Data Breach (July 2025)',
'type': ['Data Breach', 'Unauthorized Access', 'Misconfiguration'],
'vulnerability_exploited': 'Improper access control in cloud storage'}