Updated as of November 9, 2023
In early April 2023, AvidXchange detected a cybersecurity incident as part of our routine security monitoring protocols. In response, we launched an investigation and successfully expelled the threat actor from our systems. We also accelerated planned security enhancements.
The incident has concluded and the investigation has determined the incident primarily affected the systems that were used for back-office activities. Based on the extensive investigation and the enhancements implemented to date, we are confident that our products remain secure and safe to use.
We have determined that some files used by AvidXchange were exfiltrated by the threat actor. The files contained confidential information from our files, including bank account numbers, from some of our customers. Throughout this incident, as we identified affected customers, we have been contacting them so they could take steps to help protect their businesses and their bank account information in consultation with their banks.
Security is a critical concern and priority for AvidXchange, and we have taken steps to implement additional safeguards and harden our systems. These steps include:
Thank you for your patience and understanding throughout the investigation. Please contact [email protected] if you have additional questions.