FALSE Claims of Database Leak at LoyLap – No Breach Occurred

There Has Been No Data Breach at LoyLap

Recent online claims on a popular Hacker forum about a database leak, data breach, or LoyLap system compromise are factually incorrect. No unauthorized access, leak, or compromise has occurred within LoyLap’s systems. This post outlines the verified facts and reaffirms our continued commitment to security, compliance, and transparency.

View the original article on SOCRadar

What Actually Happened

The claim stems from a misrepresented incident:

• A merchant created a test account on our platform using dummy data for internal evaluation.

• That data was exported and later stored on a third-party server outside of LoyLap's payment platform.

• A third party accessed the merchant’s external server, not LoyLap’s payment infrastructure.

• This test data (which never included sensitive or real customer data) was misrepresented online as evidence of a database breach.

To be clear:
This was not a data breach, database leak, or infrastructure compromise involving LoyLap’s systems.

Industry-Standard Security and Compliance

LoyLap is a PCI DSS Level 2 Certified Service Provider, and we maintain strict controls to ensure secure handling of data across our infrastructure. Our controls include:

• Quarterly independent vulnerability scans

• Annual penetration testing

• Continuous infrastructure monitoring

• No storage of PANs or sensitive card data within our systems

• Robust access management and audit logging

All payment information is processed through PCI-certified payment gateways. No Payment Card Numbers (PANs), CVVs, or sensitive data are stored on any LoyLap system.

GDPR and Data Handling Responsibility

We operate in full compliance with the General Data Protection Regulation (GDPR). As outlined in our Privacy Statement, LoyLap acts as a Data Controller for the data we collect and use to deliver services. Data is always processed with purpose limitation, minimization, and strong safeguards.

However, data security is a shared responsibility. Once a merchant exports data from our platform, it is their obligation to store and manage it securely. This is outlined in our Terms of Use, specifically Section 11.3:

“[The merchant] represents, warrants and undertakes that [they] shall at all times comply with Applicable Law in respect of [their] control and processing of Member Personal Data...”

The merchant in this case failed to secure an exported .csv file containing only their test data. When dealing with customer data and in particular sensitive or personally identifiable information LoyLap's systems are designed to adhere to and exceed payment industry best practices.

Key Facts

• No data breach occurred at LoyLap.

• No database was leaked or compromised.

• No sensitive or payment data was exposed.

• The incident involved merchant-controlled test data stored externally and accessed by a third party.

Our infrastructure remains secure, compliant, and independently verified.

Learn More or Contact Us

We encourage responsible reporting and transparency in cybersecurity. If you have any questions or concerns, feel free to contact our team at support@loylap.com.