AvidXchange

AvidXchange is a payment software company headquartered in the United States of America. The firm develops and provides payment software solutions for businesses. Its products are used to facilitate electronic payment processing and related financial workflows. AvidXchange serves organizations that require secure and efficient handling of payment transactions.

The company’s software handles sensitive financial information, including employee payroll data, corporate bank account numbers, and various system login credentials. This concentration of sensitive data has made AvidXchange a target for ransomware groups such as Clop and RansomHouse. In early 2023 the firm suffered two separate ransomware incidents. The first incident was linked to a vulnerability in a third‑party file transfer system. The second incident was claimed by the RansomHouse group. Both incidents resulted in data exfiltration and public leaks.

In response to the attacks, AvidXchange detected anomalous activity during routine monitoring. The company engaged cybersecurity experts and notified law enforcement. Affected applications were temporarily disabled to reset customer credentials. AvidXchange stated that it is implementing additional safeguards while maintaining operational continuity. Some features experienced temporary disruptions as a result. Exfiltrated data samples have indicated potential exposure of non‑disclosure agreements, security‑question answers, and access details for internal systems ranging from cloud accounts to physical security devices.