STOCK TITAN

Nayax: information security incident update

(Neutral)
Tags

Nayax (NASDAQ: NYAX) updated on the July 2026 suspected information security incident, reporting that system review and technical remediation are complete and its systems are confirmed free of unauthorized access. Production and core systems were not impacted and business operations continue normally.

The investigation found exfiltration of a backup of scanned documents, additional business information and mainly payment transaction record backups, which exclude sensitive authentication data. Nayax reports safeguarded customer funds were untouched, rejected criminal extortion demands, and currently does not expect a material impact on its financial condition or results.

Loading...
Loading translation...

AI-generated analysis. How Rhea-AI works. Not financial advice.

Positive

  • Systems cleared of unauthorized access after review and remediation
  • Production and core systems reported as not impacted
  • Business operations continuing normally without disruption
  • Safeguarded customer funds untouched and no unauthorized account access confirmed
  • No material effect expected on financial condition or results of operations, per company

Negative

  • Data exfiltration includes backup of scanned documents and business information
  • Backup payment transaction records exfiltrated, though without sensitive authentication data
  • Scope and contents of exfiltrated information still under investigation
  • Incident-related costs already incurred and may continue
  • Criminal extortion attack required Board decision not to comply
See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google
Add on Google

HERZLIYA, Israel, July 14, 2026 (GLOBE NEWSWIRE) -- Further to Nayax’s announcement dated July 8, 2026, regarding a suspected information security incident, the Company provides the following update.

The Company's system review and technical remediation activities have been completed, and the Company's systems have been cleared and based on its investigation to date, confirmed to be free of unauthorized access. The Company's production environment and core systems have not been impacted. The Company's business operations continue as normal, without disruption or impact on our operations.

As the Company's investigation progressed, and while the precise scope and complete contents of the exfiltrated information are still under investigation, findings have emerged indicating that such exfiltrated information includes a copy of a backup of scanned documents,  additional business-related information, and mainly back up of payment transaction records which does not include sensitive payment authentication data (such as cardholder names, CVV values or ID information), as such information is generally not retained within the Company's systems. In addition, a significant portion of the transactions were conducted using digital wallets, such as Apple Pay and Google Pay, in which the payment credentials consist of single-use tokens that have no value if disclosed. Based on its investigation to date, the Company confirms that all customer safeguarded funds were untouched and that no unauthorized access to those accounts occurred.

The Company's Board of Directors has resolved not to comply with criminal extortion demands. The Board believes that complying with such demands would not be consistent with the long-term best interests of the Company's customers, partners, employees and shareholders.

The Company has incurred, and may continue to incur, costs related to responding to, remediating, and investigating this attack. The full financial impact-including insurance or indemnification offsets and any effect on customer behavior-is not yet determined, but the Company does not currently expect a material effect on its financial condition or results of operations.

The Company continues to cooperate fully and closely with the relevant law enforcement authorities, which continue to conduct an intensive investigation into the incident and those responsible.

Nayax Public Relations Contact: 
Scott Gamm 
Strategy Voice Associates 
Scott@strategyvoiceassociates.com 

Nayax Investor Relations Contact: 
Aaron Greenberg 
Chief Strategy Officer 
IR@nayax.com 


FAQ

What did Nayax (NASDAQ: NYAX) report in its July 14, 2026 cybersecurity incident update?

Nayax reported its systems were remediated and confirmed free of unauthorized access. According to Nayax, production and core systems were not impacted, operations continue normally, some data backups were exfiltrated, but safeguarded customer funds remain untouched and no material financial impact is currently expected.

Was customer payment data compromised in the Nayax NYAX July 2026 security incident?

Nayax reported that exfiltrated data mainly involved backup payment transaction records without sensitive authentication data. According to Nayax, cardholder names, CVV values and ID information are generally not retained, and many transactions used tokenized digital wallets like Apple Pay and Google Pay.

Did the Nayax (NYAX) July 2026 cyberattack affect customer safeguarded funds?

Nayax stated that all customer safeguarded funds were untouched and no unauthorized access to those accounts occurred. According to Nayax, despite data exfiltration of certain backups, financial balances held on behalf of customers were not impacted by the incident.

Will the July 2026 Nayax (NASDAQ: NYAX) security incident materially impact its financial results?

Nayax has incurred, and may continue to incur, response and investigation costs from the attack. According to Nayax, the full financial impact is not yet determined, but the company does not currently expect a material effect on its financial condition or results of operations.

Which Nayax systems were affected in the July 2026 NYAX information security incident?

Nayax reported its production environment and core systems were not impacted by the incident. According to Nayax, system review and technical remediation are complete, systems are cleared of unauthorized access, and the main impact involved exfiltration of certain data backups rather than operational systems.