Ionut Arghire reports:
Global payment service provider Checkout.com has disclosed a data breach after a known hacking group attempted to extort it.
The incident, Checkout says, involved a legacy, third-party cloud file storage system that had not been used since 2020, and did not affect its payment processing platform.
“The system was used for internal operational documents and merchant onboarding materials at that time,” the company says.
“The episode occurred when threat actors gained access to this third-party legacy system which was not decommissioned properly. This was our mistake, and we take full responsibility,” Checkout notes.
Checkout’s response to the attack, its transparency, and its response to ShinyHunters’ attack were glorious:
Their attempt to extort Checkout failed too. “We will not be extorted by criminals. We will not pay this ransom,” the company said.
“Instead, we are turning this attack into an investment in security for our entire industry. We will be donating the ransom amount to Carnegie Mellon University and the University of Oxford Cyber Security Center to support their research in the fight against cybercrime,” Checkout added.
Read more at SecurityWeek.
Bravo, Checkout, bravo!