What Happened
No data breach occurred at LoyLap in 2024. Claims of a database leak in October 2024 originated from a hacker forum where a threat actor misrepresented test data from a merchant’s exported CSV file, stored on a third-party server outside LoyLap’s systems, as evidence of a compromise; LoyLap’s official statement clarifies that this involved only dummy test data with no sensitive or payment information exposed, no unauthorized access to their PCI DSS Level 2 certified infrastructure, and emphasizes shared responsibility for merchant-exported data under GDPR and their Terms of Use.
