Updated as of June 1, 2023
In early April 2023, AvidXchange detected a cybersecurity incident as part of our routine security monitoring protocols. In response to the incident, we launched an investigation with the support of leading cybersecurity experts, reached out to law enforcement, and have taken and will continue to take actions to implement additional safeguards.
The investigation, which is ongoing, has revealed that the incident affected some of AvidXchange’s systems and that data from these systems was taken. As part of our investigation, we have learned that threat actors published data taken from AvidXchange’s systems. This data includes some confidential information, including bank account numbers, from some of our customers. On May 31, a threat actor published additional data it claims are from AvidXchange’s systems. We are investigating those claims and if we determine that the published information includes confidential data, we will contact those affected directly.
Our solutions remain operational, and we continue to process customer transactions, including invoices and payments, through our systems. Our efforts to respond to the incident and to implement additional safeguards and enhance our security have resulted and may in the future result in temporary disruptions to certain features or products.
As a general matter, in these situations, security experts recommend that you remain vigilant against phishing attempts and only click on links that originate from a trusted sender or domain name.
We take this situation extremely seriously and we are working expeditiously to complete the investigation in collaboration with cybersecurity experts. Thank you for your patience as we work to resolve this issue.
Please contact [email protected] if you have additional questions.
1. Was my company’s data impacted?
The forensic investigation is ongoing and will take time to complete. If we determine that the published information includes confidential data, we will contact those affected directly.
2. What steps are you taking to address the incident?
Security is a critical concern and priority for AvidXchange, and we are taking actions to implement additional safeguards. These safeguards include:
Please know that we take this situation extremely seriously. We are working expeditiously to complete the investigation in collaboration with cybersecurity experts. We have invested heavily in security over the years, and we will continue to identify ways to further enhance our protocols and practices.
3. What additional security measures do I need to take?
We are contacting affected customers directly and providing them information about how they can protect themselves.
4. How can I stay informed?
We will continue to share updates on this page to keep customers and others updated on the situation.
In light of this incident, we are sharing best practices and additional resources that describe additional steps you can take to help protect your information, including recommendations by the Federal Trade Commission regarding basic practices to reduce risk of a cyber incident and details on how to keep your password secure.
AvidXchange HQ
1210 AvidXchange Lane
Charlotte, NC, 28206
800.560.9305
