- Checkout.com refuses to pay ransom to ShinyHunters after breach
- Instead, the ransom is donated to two universities.
- CTO Mariano Albera emphasizes “security, transparency and trust”
Mariano Albera, CTO of Checkout.com, is confirmed The company became the target of a digital extortion attempt by the ShinyHunters group in the first week of November 2025, but the results may not be as expected.
The attackers gained access to an outdated third-party cloud file storage system that Checkout.com had accidentally disabled, affecting the company’s internal documents and merchant onboarding documents from 2020 and earlier.
“We estimate this will affect less than 25% of our current dealer base,” Albera said.
Checkout.com refused to pay the ransom
Due to the nature of the breach, payment processing systems were not affected in real time and the attackers did not have access to the merchant’s funds or card numbers.
CTO Mariano Albera publicly apologized for the incident and took full responsibility for the oversight. However, Checkout.com confirmed that it will not pay the ransom demanded by ShinyHunters: “We will not be blackmailed by criminals. We will not pay this ransom.”
The company chose to donate the ransom to Carnegie Mellon University and the Oxford University Cyber ​​​​Security Center “to support their research in the fight against cybercrime.”
“Security, transparency and trust are the foundations of our industry. We admit our mistakes, protect our merchants and invest in the fight against criminal actors who threaten our digital economy,” Albera added.
Checkout.com is praised for its transparency and refusal to finance criminal activity. It is unclear how much was donated to the two universities’ research centers.
In the meantime, Checkout.com is communicating with affected customers and coordinating with authorities and regulators.
