Payment card details, including security codes, stolen in Beanbag Bazaar data breach 

individual finance claims

Bean bag maker Bazaar Group has contacted customers to notify them about a data hack. The breach has compromised a wealth of customer data, including payment card details. Here’s what we know about the Beanbag Bazaar data breach so far. 

Beanbag Bazaar (Bazaar) was the target of a cyber security incident in which hackers gained unauthorised access to the company’s website and injected malicious code to its checkout page. Payment processor, Stripe, warned Bazaar that there was a potential violation, and external cyber security experts have since confirmed the attack.  

Customers who made online purchases during the following dates are affected:  

  • 16 August 2022 to 1 November 2022 
  •  9 November 2022 to 16 November 2022 
  •  21 November 2022 to 28 November 2022 

Personal and financial data has been stolen

In an email to customers, Bazaar confirms that “regrettably it does appear that there is a chance some of your information may have been taken”. This includes payment card details and security codes, so this could be a very serious breach.  

The full list of compromised data includes:  

  • Customer Names 
  • Home Addresses 
  • Phone numbers 
  • E-mail addresses 
  • Payment card details used to make the transactions (cardholder name, card number, expiry date and security code). 

Are you affected by the Beanbag Bazaar data breach?

According to Bazaar, it is “writing to each customer that may have been affected to inform them of the incident.” If you are a customer of this company and you have not received any such notification, it is worth checking your spam folder just in case.  

Bazaar has referred the matter to the Information Commissioner’s Office (ICO), as it is legally required to do. It is also providing affected customers with free identity and credit monitoring services from Kroll for one year. However, we have not yet seen any confirmation about when Bazaar first became aware of the breach. 

The incident occurred between August 2022 and November 2022. This means that confidential customer data has been in the hands of cybercriminals for months. If it transpires that Bazaar knew about this breach in 2022, questions must be asked about why it chose not to warn affected customers at that time.  

Customers are at risk

Bazaar admits that this data breach could potentially place customer information at risk and warns customers to take “precautions against potential identity theft and financial fraud”.  Furthermore, while Bazaar claims that it has not yet found “any evidence of unauthorized activity related to Bazaar’s customers who placed online orders during the abovementioned periods”, this does not mean that affected customers can relax. Data stolen in such incidents is often later sold on the dark web, and it can take months for it to be used nefariously.  

Bazaar clearly recognises this as it has warned customers to consider cancelling affected payment cards. The company has also provided further advice on how to protect personal information.  

Victims of data breaches often become the target of criminals. To keep yourself safe after the Bazaar security violation, the Keller Postman UK expert data breach lawyers have provided some helpful tips. Get our guide here.  

Join our no-win, no-fee Beanbag Bazaar data breach action

Keller Postman UK has launched an investigation to find out what happened and how this breach affects Bazaar customers. If you made an online order during the data breach periods, register below to receive updates on our investigation.   

If we uncover that poor security processes led to customer information being compromised, we will launch a data breach group action to help affected customers in England & Wales claim compensation for the security failures. 

Share this article: