Payment provider Checkout.com disclosed a data breach after hackers from the notorious ShinyHunters group tried to extort them. The attackers accessed a legacy third-party cloud storage system that hadn't been used since 2020 and wasn't properly decommissioned.
The breach affected internal documents and merchant onboarding materials but didn't compromise payment processing, merchant funds, or card numbers. Checkout refused to pay the ransom and instead announced they'll donate the ransom amount to Carnegie Mellon University and Oxford's Cyber Security Center for cybercrime research.
The company has launched an investigation and reported the incident to law enforcement and regulators.
Source: Security Week