Checkout.com Discloses Data Breach After Extortion Attempt

Global payment service provider Checkout.com has disclosed a data breach after a known hacking group attempted to extort it.

The incident, Checkout says, involved a legacy, third-party cloud file storage system that had not been used since 2020, and did not affect its payment processing platform.

“The system was used for internal operational documents and merchant onboarding materials at that time,” the company says.

“The episode occurred when threat actors gained access to this third-party legacy system which was not decommissioned properly. This was our mistake, and we take full responsibility,” Checkout notes.

According to the platform, the attackers did not access merchant funds or card numbers.

Checkout has launched an investigation into the attack to determine its scope and identify the affected entities. It has reported the attack to law enforcement and the relevant regulators.

The attack, the company says, was claimed by the notorious ShinyHunters extortion group ...