Payment processor Checkout.com recently experienced a data breach after being targeted by the cybercrime group “ShinyHunters.”
The attackers accessed old data stored in a third-party cloud system. Luckily, Checkout.com’s live payment processing environment was not affected, and no merchant funds or card numbers were accessed.
The company revealed that the breach happened last week when ShinyHunters contacted them with a ransom demand.
According to Checkout.com’s investigation, the cybercriminals obtained documents by exploiting a legacy cloud storage system that was last used in 2020.
This storage system, meant for internal records and merchant onboarding information, had not been properly decommissioned. As a result, about 25% of current merchants could be affected.
Checkout.com’s central payment system was never at risk. The stolen information does not include any payment card numbers or merchant bank funds.
Mariano Albera, Chief Technology Officer at Checkout.com, explained that the company takes full responsibility for not shutting down the old system correctly.
He apologized for the worry caused by this incident and emphasized that they are working to notify anyone impacted. The company has also ensured cooperation with law enforcement and relevant regulators throughout the investigation.
Checkout.com firmly refuses to pay the ransom demanded by ShinyHunters. Instead, the company has decided to donate the equivalent ransom amount to support cybersecurity research.
The recipients are Carnegie Mellon University and the University of Oxford’s Cyber Security Center, both well-known for their research in fighting cybercrime.
The company wants to turn this negative experience into a positive step for the whole industry. Checkout.com promises to be transparent about its mistakes, protect its merchants, and help strengthen security in the digital economy.
They pledged to assist any affected partners and said that their support lines are always open for questions or concerns.
Checkout.com’s response underlines the importance of maintaining trust, investing in security, and refusing to be extorted by cybercriminals. As the company says, security, transparency, and trust are at the core of the payments industry.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.