Israeli payments company Nayax refused to pay a ransom demanded by hackers who stole transaction records and business documents from a cloud account linked to one of its subsidiaries. The Nasdaq- and Tel Aviv-listed company confirmed on July 14 that data had been exfiltrated, six days after first disclosing suspicious activity on July 8. Nayax's board decided not to comply with the attackers' extortion demands, stating that paying would not serve the long-term interests of customers, partners, employees, or shareholders. The hackers threatened to publish allegedly stolen material if Nayax does not pay by July 21. The company is cooperating with law enforcement authorities in Israel and the United States, though the ransom amount and attacker identity remain undisclosed.
Nayax's investigation found that hackers copied a backup containing scanned documents, business-related information, and payment transaction records. The company stated the transaction records did not include cardholder names, CVV security codes, or identification information because those details are generally not retained in its systems. The number of transactions contained in the backup, the dates covered by the records, and the number of affected merchants and consumers have not been disclosed.
A significant share of the affected transactions involved digital wallets such as Apple Pay and Google Pay, according to Nayax. Those payments use tokenized credentials rather than reusable card details. The company acknowledged that its review of the precise scope and full contents of the stolen data remains ongoing.
Nayax first reported the incident on July 8 after detecting anomalous activity in a cloud computing account associated with a subsidiary. The account was blocked after the activity was identified. The company has not disclosed when the intrusion began, how the attackers obtained access, or how long they remained inside the account.
Nayax stated that customer safeguarded funds remained untouched and that attackers did not obtain unauthorized access to customer accounts. The company's production environment, core systems, and payment-processing infrastructure were not affected, and operations continued without disruption.
Founded in 2005, Nayax provides payment acceptance, merchant management, and loyalty technology to operators of unattended and traditional retail businesses. As of March 31, the company had 13 offices, approximately 1,250 employees, and connections to more than 80 merchant acquirers and payment methods. The company processes payments on behalf of merchants, which is why consumers may see Nayax listed on card statements after purchases from vending machines or other self-service terminals.
The breach occurred during a period of rapid growth and cost restructuring at Nayax. The company reported approximately $400 million in revenue for 2025, up about 24%, and net profit of $35.5 million after recording a loss in the previous year. Nayax has projected 2026 revenue of between $510 million and $520 million.
Shortly before the cyber incident, the company reportedly laid off 32 employees, equal to about 3% of its workforce, including 20 positions in Israel. That followed an earlier round of reductions.
The cyberattack has generated expenses for forensic investigation, remediation, system reviews, and incident response. Nayax said additional costs could follow, while insurance or indemnification arrangements may offset part of the bill. The company has not yet quantified those costs or disclosed whether it expects regulatory investigations, consumer notifications, or litigation in any jurisdiction. Nayax stated it does not currently expect the incident to have a material effect on its financial condition or operating results.
What data did hackers steal from Nayax? Hackers copied a backup containing scanned documents, business-related information, and payment transaction records from a cloud account linked to a Nayax subsidiary. The transaction records did not include cardholder names, CVV security codes, or identification information, as those details are generally not retained in Nayax systems. A significant share of affected transactions involved digital wallets such as Apple Pay and Google Pay, which use tokenized credentials.
When did Nayax disclose the cyberattack? Nayax first reported the incident on July 8 after detecting anomalous activity in a cloud computing account associated with a subsidiary. The company confirmed on July 14 that data had been exfiltrated. Hackers threatened to publish allegedly stolen material if Nayax does not pay by July 21.
Why did Nayax refuse to pay the ransom? Nayax's board decided not to comply with the attackers' extortion demands because paying would not serve the long-term interests of its customers, partners, employees, or shareholders. The company is cooperating with law enforcement authorities in Israel and the United States.
Related News
SpaceX Stock Falls Below IPO Price After 43% Decline from Peak
Keyrock Acquires BlockFills Assets for $3.25M After $75M Collapse
Netflix Stock Falls 9% as Q3 Guidance Misses Wall Street Estimates
MacOS Malware Hijacks Telegram Sessions and Targets Crypto Wallets
SharonAI Stocks Fall 7% on Thursday Despite $1.32B Cloud Deal With AI Lab