Updated as of May 15, 2023
In early April 2023, AvidXchange detected a cybersecurity incident as part of our routine security monitoring protocols. In response to the incident, we launched an investigation with the support of leading cybersecurity experts, reached out to law enforcement and have taken and will continue to take actions to implement additional safeguards.
The investigation, which is ongoing, has revealed that the incident affected some of AvidXchange’s systems and that data from these systems was exfiltrated. Threat actors have published data they claim to have taken from our systems.
Upon reviewing the files, we learned that a threat actor published the login credentials for a specific application used by a small number of customers. We temporarily took the application offline while we contacted those customers and reset their passwords.
We are also aware that a threat actor may release additional information. If we learn that your confidential data was exfiltrated, we will contact you directly.
Our solutions are operational, and we continue to process customer transactions, including invoices and payments, through our systems. Our efforts to respond to the incident and to implement additional safeguards and enhance our security may result in temporary disruptions to certain features or products.
As a general matter, in these situations, security experts recommend that you remain vigilant against phishing attempts and only click on links that originate from a trusted sender or domain name.
As part of our ongoing response to this incident, we created a dedicated webpage to share information and updates with you. Please click here to visit the page.
We take this situation extremely seriously and we are working expeditiously to complete the investigation in collaboration with cybersecurity experts. Thank you for your patience as we work to resolve this issue.