Charlotte-based AvidXchange faced a cybersecurity attack that potentially exposed the financial account information of nearly 7,000 customers, with the attack originating in March.
Furthermore, the Office of the Maine Attorney General revealed the breach’s occurrence on March 2, 2023, and AvidXchange detected it in April during a routine security check. By May, bank account information for numerous customers was published on their website. While the breach showed no signs of identity theft or fraud, it did contain confidential data, including personal information, financial account numbers, credit/debit card information, PINs, and passcodes.
Additionally, AvidXchange promptly responded to the breach by offering identity theft protection services to those impacted and implementing enhanced security measures to protect their products and customers. These measures included resetting all company-wide passwords, implementing additional logging and process restrictions, enabling two-factor authentication, adding conditional access policies, and establishing separate cloud-based user accounts.
At the same time, AvidXchange assured that their products were now secure, emphasizing that the compromised data mainly pertained to current and former employees and their dependents. For North Carolina residents seeking assistance with data breaches and identity theft, the Office of the Attorney General of North Carolina is available to answer questions.