Overview
- Checkout.com says the ShinyHunters group contacted it last week claiming stolen data and demanding payment, with no ransomware used in the incident.
- An internal probe found unauthorized access to a legacy third-party cloud file storage system that was not properly decommissioned.
- Exposed material consists of internal operational documents and merchant onboarding files from 2020 and prior, affecting less than a quarter of current merchants and potentially including former customers.
- The firm reports no impact on its live payment processing platform and no access to merchant funds or card numbers by the attackers.
- Checkout.com is notifying affected customers, coordinating with law enforcement and regulators, and pledging the ransom amount to Carnegie Mellon University and Oxford's Cyber Security Center to support research.