U.S. payment software firm AvidXchange had its systems compromised by the RansomHouse threat group
just weeks after the company had been impacted by a widespread Clop ransomware attack involving the exploitation of Fortra GoAnywhere systems, reports TechCrunch
Sensitive data stolen from AvidXchange has already been posted by RansomHouse on its dark web leak site, including usernames, passwords, and security question answers for several of its systems, as well as non-disclosure agreements, corporate bank account numbers, and employee payroll details.
Based on the leaks, AvidXchange is believed to have used passwords with different versions of its name and the word "password," with many of the exposed logins believed to be still in use. Such an incident has been confirmed by AvidXchange to have impacted some of its systems, with some data found to be exfiltrated early last month.
Investigation into the incident is underway but the company has not confirmed whether it received or paid RansomHouse's demands.