Nayax Refuses Hacker Ransom After Cloud Account Data Theft

Israeli payments company Nayax refused to pay a ransom demanded by hackers who stole transaction records and business documents from a cloud account linked to one of its subsidiaries. The Nasdaq- and Tel Aviv-listed company confirmed on July 14 that data had been exfiltrated, six days after first disclosing suspicious activity on July 8. Nayax's board decided not to comply with the attackers' extortion demands, stating that paying would not serve the long-term interests of customers, partners, employees, or shareholders. The hackers threatened to publish allegedly stolen material if Nayax does not pay by July 21. The company is cooperating with law enforcement authorities in Israel and the United States, though the ransom amount and attacker identity remain undisclosed.

Nayax Confirms Stolen Data Contents and Scope

Nayax's investigation found that hackers copied a backup containing scanned documents, business-related information, and payment transaction records. The company stated the transaction records did not include cardholder names, CVV security codes, or identification information because those details are generally not retained in its systems. The number of transactions contained in the backup, the dates covered by the records, and the number of affected merchants and consumers have not been disclosed.

A significant share of the affected transactions involved digital wallets such as Apple Pay and Google Pay, according to Nayax. Those payments use tokenized credentials rather than reusable card details. The company acknowledged that its review of the precise scope and full contents of the stolen data remains ongoing.

Nayax first reported the incident on July 8 after detecting anomalous activity in a cloud computing account associated with a subsidiary. The account was blocked after the activity was identified. The company has not disclosed when the intrusion began, how the attackers obtained access, or how long they remained inside the account.

Company Reports Payment Infrastructure Remained Secure

Nayax stated that customer safeguarded funds remained untouched and that attackers did not obtain unauthorized access to customer accounts. The company's production environment, core systems, and payment-processing infrastructure were not affected, and operations continued without disruption.

Founded in 2005, Nayax provides payment acceptance, merchant management, and loyalty technology to operators of unattended and traditional retail businesses. As of March 31, the company had 13 offices, approximately 1,250 employees, and connections to more than 80 merchant acquirers and payment methods. The company processes payments on behalf of merchants, which is why consumers may see Nayax listed on card statements after purchases from vending machines or other self-service terminals.

Nayax Discloses Financial Performance and Breach Costs

The breach occurred during a period of rapid growth and cost restructuring at Nayax. The company reported approximately $400 million in revenue for 2025, up about 24%, and net profit of $35.5 million after recording a loss in the previous year. Nayax has projected 2026 revenue of between $510 million and $520 million.

Shortly before the cyber incident, the company reportedly laid off 32 employees, equal to about 3% of its workforce, including 20 positions in Israel. That followed an earlier round of reductions.

The cyberattack has generated expenses for forensic investigation, remediation, system reviews, and incident response. Nayax said additional costs could follow, while insurance or indemnification arrangements may offset part of the bill. The company has not yet quantified those costs or disclosed whether it expects regulatory investigations, consumer notifications, or litigation in any jurisdiction. Nayax stated it does not currently expect the incident to have a material effect on its financial condition or operating results.

FAQ

What data did hackers steal from Nayax? Hackers copied a backup containing scanned documents, business-related information, and payment transaction records from a cloud account linked to a Nayax subsidiary. The transaction records did not include cardholder names, CVV security codes, or identification information, as those details are generally not retained in Nayax systems. A significant share of affected transactions involved digital wallets such as Apple Pay and Google Pay, which use tokenized credentials.

When did Nayax disclose the cyberattack? Nayax first reported the incident on July 8 after detecting anomalous activity in a cloud computing account associated with a subsidiary. The company confirmed on July 14 that data had been exfiltrated. Hackers threatened to publish allegedly stolen material if Nayax does not pay by July 21.

Why did Nayax refuse to pay the ransom? Nayax's board decided not to comply with the attackers' extortion demands because paying would not serve the long-term interests of its customers, partners, employees, or shareholders. The company is cooperating with law enforcement authorities in Israel and the United States.

Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments