STOCK TITAN

Nayax (NASDAQ: NYAX) details security incident, exfiltrated information

Filing Impact
(Neutral)
Filing Sentiment
(Neutral)
Form Type
6-K

Rhea-AI Filing Summary

Nayax Ltd. reports on an information security incident first announced in July 2026. It states that system reviews and technical remediation are complete, systems have been cleared and confirmed free of unauthorized access, and production and core systems were not impacted, so business operations continue without disruption.

The company explains that exfiltrated information includes a copy of a backup of scanned documents, additional business-related information and mainly a backup of payment transaction records, which does not include sensitive payment authentication data such as cardholder names, CVV values or ID information, as such data is generally not retained. Many transactions involved digital wallets like Apple Pay and Google Pay, where single-use tokens have no value if disclosed. Nayax confirms all customer safeguarded funds were untouched and no unauthorized access to those accounts occurred. The Board of Directors has resolved not to comply with criminal extortion demands, viewing this as inconsistent with the long-term best interests of customers, partners, employees and shareholders.

The company has incurred, and may continue to incur, costs to respond to, remediate and investigate the attack. While the full financial impact, including insurance or indemnification offsets and any effect on customer behavior, is not yet determined, Nayax does not currently expect a material effect on its financial condition or results of operations. It continues to cooperate closely with law enforcement, and this report is incorporated by reference into its effective SEC and Israel Securities Authority registration statements.

Positive

  • None.

Negative

  • None.
Commission file number 001-41491 SEC commission file number for Nayax Ltd.
Prior announcement date July 8, 2026 Date of earlier announcement regarding the suspected information security incident
Report signature date July 14, 2026 Date the Chief Legal Officer signed the report
information security incident technical
"regarding a suspected information security incident"
exfiltrated information technical
"findings have emerged indicating that such exfiltrated information includes a copy"
payment transaction records financial
"mainly back up of payment transaction records which does not include sensitive"
digital wallets financial
"transactions were conducted using digital wallets, such as Apple Pay and Google Pay"
A digital wallet is an app or online service that lets people store and use payment details, identification, loyalty cards, or cryptocurrency on a phone or computer—think of it as a virtual version of a physical wallet that can pay for things, prove identity, or hold digital assets. Investors care because widespread use changes how consumers pay, shifts revenue toward companies that control these payment flows, and introduces technology, security and regulatory risks that can affect profits and valuation.
criminal extortion demands regulatory
"Board of Directors has resolved not to comply with criminal extortion demands"
See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google
Add on Google
Learn about SEC filing dates

FAQ

What information security incident did Nayax (NYAX) report in July 2026?

Nayax reported an information security incident involving exfiltrated information from its systems. The exfiltrated data includes a backup of scanned documents, business-related information and mainly payment transaction records, but excludes sensitive payment authentication data like cardholder names, CVV values or ID information.

Were Nayax (NYAX) systems and operations impacted by the incident?

Nayax states its system review and technical remediation are complete and systems have been cleared of unauthorized access. It reports that the production environment and core systems were not impacted, and that business operations continue as normal, without disruption or impact on operations.

What customer data was involved in the Nayax (NYAX) incident?

The exfiltrated information includes a backup of payment transaction records, scanned documents and business information. Nayax specifies these records do not include sensitive payment authentication data, such as cardholder names, CVV values or ID details, which are generally not retained in its systems.

Were Nayax (NYAX) customer funds affected by the attack?

Nayax confirms that all customer safeguarded funds were untouched and no unauthorized access to those accounts occurred. It also notes that many transactions used digital wallets, where single-use tokenized payment credentials have no value if disclosed.

How does Nayax (NYAX) expect the incident to affect its financial results?

Nayax acknowledges it has incurred, and may continue to incur, incident-related costs. However, while the full financial impact is not yet determined, the company states it does not currently expect a material effect on its financial condition or results of operations.

How is Nayax (NYAX) responding to the extortion demands and investigation?

The Board of Directors resolved not to comply with criminal extortion demands, citing long-term stakeholder interests. Nayax continues to cooperate fully with relevant law enforcement authorities, which are conducting an intensive investigation into the incident and those responsible.
0001901279false--12-31Q2 0001901279 2026-01-01 2026-07-14

 
UNITED STATES
SECURITIES AND EXCHANGE COMMISSION
Washington, D.C. 20549
 
FORM 6-K
 
REPORT OF FOREIGN PRIVATE ISSUER PURSUANT TO RULE 13a-16
OR 15d-16 UNDER THE SECURITIES EXCHANGE ACT OF 1934
 
For the month of July, 2026
 
Commission file number: 001-41491
 
NAYAX LTD.
(Translation of registrant’s name into English)
 
 Arik Einstein Street, Bldg. B, 1st Floor
Herzliya 4659071, Israel
 (Address of principal executive offices)
_____________________
 
Indicate by check mark whether the registrant files or will file annual reports under cover of Form 20-F or Form 40-F.
 
Form 20-F ☒           Form 40-F ☐
 

EXPLANATORY NOTE
 
Further to the Company's announcement dated July 8, 2026, regarding a suspected information security incident, the Company provides the following update.
 
The Company's system review and technical remediation activities have been completed, and the Company's systems have been cleared and based on its investigation to date, confirmed to be free of unauthorized access. The Company's production environment and core systems have not been impacted. The Company's business operations continue as normal, without disruption or impact on our operations.
 
As the Company's investigation progressed, and while the precise scope and complete contents of the exfiltrated information are still under investigation, findings have emerged indicating that such exfiltrated information includes a copy of a backup of scanned documents,  additional business-related information, and mainly back up of payment transaction records which does not include sensitive payment authentication data (such as cardholder names, CVV values or ID information), as such information is generally not retained within the Company's systems. In addition, a significant portion of the transactions were conducted using digital wallets, such as Apple Pay and Google Pay, in which the payment credentials consist of single-use tokens that have no value if disclosed. Based on its investigation to date, the Company confirms that all customer safeguarded funds were untouched and that no unauthorized access to those accounts occurred.
 
The Company's Board of Directors has resolved not to comply with criminal extortion demands. The Board believes that complying with such demands would not be consistent with the long-term best interests of the Company's customers, partners, employees and shareholders.
 
The Company has incurred, and may continue to incur, costs related to responding to, remediating, and investigating this attack. The full financial impact—including insurance or indemnification offsets and any effect on customer behavior—is not yet determined, but the Company does not currently expect a material effect on its financial condition or results of operations.
 
The Company continues to cooperate fully and closely with the relevant law enforcement authorities, which continue to conduct an intensive investigation into the incident and those responsible.
 
This Form 6-K is hereby incorporated by reference into all effective registration statements filed by the Company with the U.S. Securities and Exchange Commission (the “SEC”) or with the Israel Securities Authority (the “ISA”), including without limitation the Company’s Registration Statement on Form S-8 filed with the SEC (File No. 333-267542), the Company’s Registration Statement on Form F-3 filed with the SEC (File No. 333-274812) and the Company’s Shelf Prospectus filed with the ISA.
 
2

 
SIGNATURES
 
Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.
 
 
NAYAX LTD.
 
       
 
By:
/s/ Gal Omer
 
   
Name: Gal Omer
 
   
Title: Chief Legal Officer
 
       
Date: July 14, 2026
 
3

Filing Exhibits & Attachments

4 documents