Security09:51 · 18m ago

Nayax Rejects Ransom Demand After Cyberattack, Confirms No Sensitive Payment Data Leaked

Calcalist
Translated & summarized from Calcalist by baba
The story · English

About a week after reporting a cybersecurity incident to the U.S. Securities and Exchange Commission, Israeli fintech company Nayax disclosed the results of its internal investigation and its decision not to pay the ransom demanded by attackers. The company, which develops payment and transaction solutions for vending machines and is listed on the Tel Aviv and Nasdaq stock exchanges, identified unusual activity in one of its cloud accounts. Nayax's board stated that complying with the ransom demand, which threatened to publish stolen data by July 21, would not align with the long-term interests of its customers, partners, employees, and shareholders.

Nayax completed a thorough review of its systems and confirmed that its core production environment was not compromised and remains fully operational. However, the investigation revealed that some data was extracted from a cloud account belonging to a subsidiary. The leaked information included backup copies of scanned documents, business data, and transaction records. Crucially, the company emphasized that no sensitive payment verification data such as cardholder names, CVV numbers, or ID numbers were stored or leaked.

The company further explained that many transactions involved digital wallets like Apple Pay and Google Pay, which use one-time tokens that cannot be reused even if exposed. Based on these findings, Nayax assured customers that their funds and accounts remain secure with no unauthorized access detected. The company is bearing and will continue to bear all costs related to managing the incident, system recovery, and investigation. While the full financial impact, including insurance coverage and customer response, is still being assessed, Nayax does not expect the event to materially affect its financial stability or annual results.

Read the original at Calcalist
Open the live terminal