Cyber Incident Victim: Malley's Chocolates

The Malley’s Chocolates data breach occurred approximately two weeks before Easter in 2018, with the intrusion targeting the company’s online payment systems. A hacker gained unauthorized access to the Brook Park-based confectioner’s website, compromising credit and debit card information belonging to 3,400 customers who had made purchases through the digital storefront. The breach exclusively affected transactions conducted via Malley’s online platform between late March and early April 2018, coinciding with the peak Easter holiday shopping period. Physical retail locations remained unaffected, as the attack vector specifically exploited vulnerabilities in the e-commerce infrastructure rather than point-of-sale systems across Malley’s 23 Northeast Ohio stores. The company detected anomalous activity prompting an internal investigation, though the exact timeline from intrusion discovery to confirmation remains unspecified in public disclosures.

Malley’s initiated customer notifications via physical mail during the week preceding May 10, 2018, advising impacted individuals of the card data exposure. The breach notification letters outlined the nature of the compromised information but did not specify whether additional personal identifiers like addresses or purchase histories were accessed. Company representatives emphasized that only online purchasers during the affected timeframe were at risk, excluding in-store customers and transactions processed outside the intrusion window. No details regarding forensic findings, attacker methodologies, or malware deployment were disclosed publicly. The incident caused operational disruptions during a critical sales period for the seasonal business, though Malley’s maintained regular store operations throughout the investigation. The company’s response focused on direct consumer outreach rather than public statements, with no subsequent disclosures about enhanced security measures or regulatory filings.