Scoupy data breach
The data breach exposed very personal data, such as name, address, place of residence, telephone number, e-mail address, date of birth, receipts and encrypted password and encrypted bank account number (IBAN). . Scoupy is tightening security and promises to continue to do so in the near future, as a result of which the app and website may be temporarily unavailable. Scoupy is a cashback app that gives you money back when you buy all kinds of promotional products in the supermarket and drugstore. You take a photo of the receipt and get money back.
Scoupy warns users that phishing attacks could occur in the near future, in which someone, for example, pretends to be a bank employee and tries to retrieve PINs and passwords. The company advises to be extra vigilant for scams in the coming period. The Scoupy passwords are stored encrypted and are “probably unusable”, according to Scoupy's support page. “Nevertheless, it is important to change your password regularly.” We can add ourselves that with apps that are not official and where the data is only used for marketing purposes, it is always a good idea not to enter your real date of birth and the like (if possible) .
The incident has been reported to the Dutch Data Protection Authority and a report has also been made to the police. “The leak has been found and patched”, said Scoupy. The company also immediately hired a specialized cybersecurity company and Scoupy feels that it has responded correctly and adequately to the situation.
Scoupy back with founders
In the past we have written regularly about Scoupy. The app originated from a startup, was taken over by Sanoma/DPG Media, where it did not receive the necessary attention and came back into the hands of the founders in 2020. A “firm reorganization” promised by the original creators Geert Luyendijk, Jeroen Lubbers and Valentijn Bras.