Hopefully these victims get their money back!
Njalla has a contact page, and on their site it states:
“The idea is to make sure that we minimise your visibility to the public. We’re not going to give your customer data out easily. However, we will help if there are legal merits to any formal government requests to our system. If you use our service in a way that affects anyones health or safety, we reserve the right to suspend your service.”
So maybe the hacker broke their terms? This can maybe be solved? They have a contact page as well.