Fraudulent Card Charges - Statement

21 July 2022 Update: Updates about the state of our systems

Please see an update to this post here: Updates on the data breach

Hello everybody!

Most of you already noticed by now, but to clarify from our side what has happened: Somebody got unauthorised access to our servers and was able to charge cards with random amounts between 50 and 250 pounds. We are investigating the whole incident right now.

The most important things for you:

  1. We are still in charge of the money and will refund each and every one of you throughout the day. We already started the process and are working hard to get the money back to you.
  2. Your card details (number, CVV, expiration date) as well as your Vitra accounts are secure - we encrypt all sensitive data and don’t store any card details.

Ways to get refunded:

  1. If you need the money very urgently, write an email to titled “Refund request”. Please include your email address and phone number in the message. We’ll try to handle these requests first, especially if it’s for larger amounts.
  2. Otherwise, you can simply wait. We’ll be refunding every single transaction that was done maliciously.

We are truly sorry for the inconvenience. We will do our very best to resolve this situation as fast as possible and make sure this won’t happen again. If you’re interested in what happened, keep an eye on the forum as we will keep posting updates whenever we figure out more details.


Holy shit, that is REALLY bad.

How could they hack your servers and charge things to the cards without the card details?

Have you hired an incident response team?

Why is there no email on this to all customers?

1 Like

Yes, not happy at all. Could not even use the app when signing up as it kept crashing. Must have managed to get my credit card info on there right enough as got charged £154.54.
How do I request a full deletion from your app and servers as understandably want no more dealings with you once I get my refund?


1 Like

Hi Paul,

Please contact us at with your email address and we will be able to delete your account.

Kind regards


Has this been reported to the FCA and also GDPR if users' personal information has been accessed?


I have been charged 25.19 from vit gb, is that you guys?

1 Like

It probably is.
Send an email to, with the information requested on the fixed announcement, and they will get it sorted out.


And ICO, Report a breach | ICO


All: there is a new update over here answering common questions: Updates on the data breach

1 Like

I work in risk and Insurance for a global company and have dealt with cyber claims before if you want any advice?

You must report the incident to the ICO within 72 hours of first becoming aware of the breach.

Do you have cyber insurance? If so and want any costs covered, you need to engage with them now if not done already. I can assist with the steps you need to take.

If you want to better understand your insurance I can also help. I work in Central London.




Sadly no one from the company reached out.


Not surprising. They are great at making you believe they understand what we and their customers in general expect them to do in this situation (and with the indefinite postponing of the payment systems). And then they just don’t do it. I’m glad that I did not increase my investment after they slowed down in updates and did not provide a clear timeline.


Majority of startups on Crowdcube do not host a Forum. Requirement is a quarterly email.

1 Like

I can name more than 10 where I did not get any mail for 2 years and another 15 with the last update somewhere mid last year. In every case Crowdcube said they will build pressure. But nothing changes. I don’t want more of those, I want open communication. But I know some companies that do a far better job than Vitra, but they did not steal from me yet either, so that’s that. They need to be open and communicate daily what’s going on otherwise they lose trust. One of my banks put them on the blacklist btw.

1 Like

I really believe that we cannot gain back your trust if you want to be involved in our day-to-day activities, no matter what we do. That’s fine though, nobody expects you to blindly trust us and continue to support us. From the very moment of the data breach, it was obvious that we will lose people. This is still a community forum and lengthening one topic over weeks or even months doesn’t help anyone.


We do not have any claims and the breach is not notifiable. You can read the details in this post: Updates on the data breach