Late Monday, online payments company Xoom Corp.
US:XOOM
said in a regulatory filing that someone impersonating an employee had managed to transfer $30.8 million in corporate cash to overseas accounts.

At the same time, the company said its new chief financial officer, Matt Hibbard, on the job only since December 1, had resigned. Ryno Blignaut, the company’s previous CFO, has returned in an acting role.

Xoom stock zoomed lower on the news, losing 14% on Monday. After Wall Street responded to the news on Tuesday, including new coverage of Xoom by Stifel with a “buy” rating, its shares bounced higher to close at $16.73.

Xoom is a low-cost money online money-transfer service that competes with Western Union. It went public in Feb. 2013 after more than a decade in the business. Its IPO prospectus stated: “We have built our technology to test each transaction for compliance, anti-money laundering, acceptable use, anti-fraud and funding risk within seconds.”

The company now is working with federal law enforcement in a multi-agency criminal investigation, and it cannot disclose many details about the nature of the theft. Xoom CEO John Kuntze said in a statement: “Xoom was the target of an international criminal fraud that was sophisticated enough to overcome numerous internal protections.” He added that no customer information or money was impacted, nor were any of Xoom’s systems and networks targeted.

Still, even if some on Wall Street believe that Xoom stock trades at a discount to its Internet rivals, the real test is going to be the reaction by its customers. In its most recent quarterly statement, Xoom noted that revenue from repeat customers was 90% of its $115.2 million in revenue for the nine months ended Sept. 2014.

Alexander Veytsman, an analyst with Monness, Crespi, Hardt & Co. Research, downgraded the stock to neutral, saying after the theft and the one-time charge of $30.8 million to Xoom’s fourth quarter earnings, its buy rating was “difficult to justify.” He also lowered the price target to $18 from $30. “We believe it may take at least several months before we know the specifics behind the fraudulent acts,” Veytsman wrote, adding that the “two recent seemingly unrelated CFO resignations in less than 60 days add to the overall uncertainty.”

Xoom has developed a core customer base in the United States. Its payment system is used to send money to 30 different countries. In 2013, Xoom said, 60% of its customers sent money to India and the Philippines.

A Xoom official said that the company is ready to answer any customer inquiries about the incident. “Most importantly, we want our customers to be assured that this criminal attack was targeted at Xoom Corporation, and not our customers. This was not consumer fraud and no customer data was affected, and no customer funds were impacted,” said Robin Carr, a Xoom spokesperson, in an emailed statement.

Colin Sebastian, an analyst with R.W. Baird, said in a note to clients that the company may incur some near-term expenses to “mitigate negative press headlines, to ensure proper internal controls, and to cooperate with investigators.” Sebastian also noted the theft was ironic because the company has so far been “very effective” at weeding out fraudulent money transfers in its core business.

Indeed, Xoom noted in its third quarter regulatory filing that it has been the target of fraudulent activity. In 2013, Xoom said, its transaction loss expense totaled $13.6 million, representing 0.24% of its total sending volume, a small fraction of its overall sending.

It’s also worth noting that eBay Inc.
EBAY,
-0.53%
suffered from an even worse attack last year, in which customers’ passwords were compromised. It asked customers to change their passwords after a massive network hack.

Investors no doubt will be eager to hear more details about the theft, should they be forthcoming, during the Xoom’s fourth quarter earnings call, slated for February. For the moment, Xoom’s shares aren’t likely to speed ahead.