Checkout.com refuses to pay a ransom to ShinyHunters following breach

It will donate the ransom amount to two universities instead

CTO Mariano Albera stresses “security, transparency and trust”

Checkout.com CTO Mariano Albera has confirmed the company was targeted by a digital extortion attempt by the group ShinyHunters during the first week of November 2025, but the outcome might not be as you’d expect.

Attackers accessed a legacy third-party cloud file storage system that had not been properly decommissioned by Checkout.com, affecting internal operation documents and merchant onboarding materials from 2020 and before.

“We estimate that this would affect less than 25% of our current merchant base,” Albera noted.

Checkout.com refused to pay a ransom

Because of the nature of the breach, live payment processing systems have not been impacted, and the attackers did not access merchant funds or card numbers.

CTO Mariano Albera publicly apologized for the incident, taking full responsibility for the oversight. However, Checkout.com confirmed it would not pay the ransom demanded by ShinyHunters: “We will not be extorted by criminals. We will not pay this ransom.”

The company has opted to donate the ransom amount to Carnegie Mellon University and the University of Oxford Cyber Security Center “to support their research in the fight against cybercrime.”

“Security, transparency and trust are the foundation of our industry. We will own our mistakes, protect our merchants, and invest in the fight against the criminal actors who threaten our digital economy,” Albera added.

Checkout.com has been praised for its transparency and refusal to fund criminal activity. It’s unclear how much has been donated to the two university research centers.

In the meantime, Checkout.com is contacting impacted customers and coordinating with law enforcement and regulators.

