The incident responders noted that there was no evidence that data was exfiltrated during the intrusion — an unusual development considering U.S. intelligence agencies previously said Pay2Key attacks were largely conducted for information theft.