MyPup Notification 28/11/2025
From info@my-pup.com
To [ALL USERS]
Subject Important update regarding cyber security incident at MyPup
Dear MyPup user,
We want to inform you about a cyber security incident that occurred to MyPup in July 2025. Unfortunately, during an unauthorised attempt to access our systems, the phone numbers of 92 users were exposed. We cannot fully rule out that for approximately 60,000 users (part of) their phone number or email address was exposed.
Firstly, we want to say sorry for this incident. We take the protection of your data extremely seriously and believe it is important to keep you fully and transparently informed. We would like to update you and ask that you remain vigilant for any suspicious messages, phone calls, or links.
What happened?
During a brute force enumeration attack, attempts were made to test random phone numbers or email addresses to see which existed. You can compare this to trying to find the correct combination on a combination lock.
What data was accessed without authorisation?
The following may have been exposed:
- Phone number(s)
- (A portion of) Email address(es)
- Pick Up Point name(s)
Important to know:
- No full names or other personal data were accessed.
- Your MyPup account was not compromised.
- The incident was identified and stopped on July 27.
- The 92 individuals who we identified as having their phone numbers accessed were notified immediately.
- We promptly reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
- We have implemented and strengthened various security measures as a result of the incident.
What does this mean for you?
We want to inform you as a precaution, and ask you to stay alert as certain data could potentially be used for phishing or other fraudulent purposes.
What can you do?
- Be alert to suspicious messages, phone calls, or links. MyPup will always email from the my-pup.com or mypup.nl domain. - If in doubt, always contact us at infosecurity@my-pup.com.
Why am I only hearing about this now?
When the incident was discovered on July 27, 2025, it appeared to be limited to 92 users. This group and the Data Protection Authority were informed immediately. Further investigation has shown that the number could be higher. To be fully transparent, we are now proactively informing all users.
We deeply apologies and regret any inconvenience this incident may have caused, and are doing everything possible to maintain your cyber security and your trust. If you have any questions or concerns, please feel free to contact our security team at infosecurity@my-pup.com.
Kindest regards,
MyPup | My Pick Up Point