Checkout.com has confirmed a data breach after being targeted by cybercrime group “ShinyHunters.” The attackers accessed old data from a third-party cloud system, but the live payment processing environment was not affected.
The breach occurred when ShinyHunters demanded a ransom last week. An investigation revealed that the attackers exploited a legacy cloud storage system used in 2020 for internal records and merchant onboarding information.
Around 25% of Checkout.com’s current merchants could be impacted by this incident, but no payment card numbers or merchant bank funds were accessed. The company is cooperating with law enforcement and regulators to notify affected partners.
Checkout.com has chosen not to pay the ransom and instead plans to donate the equivalent amount to support cybersecurity research at Carnegie Mellon University and the University of Oxford’s Cyber Security Center.
The company acknowledges its mistake in not shutting down the old system correctly and promises to protect its merchants, maintain transparency, and strengthen security in the digital economy.
Source: https://gbhackers.com/checkout-com-suffers-data-breach