Gravity Payments: Gravity Payments Data Breach Investigation

Gravity Payments Data Breach Exposes Sensitive Information of Over 2,200 Individuals

Gravity Payments, a Seattle-based financial services provider specializing in credit card processing and small business solutions, disclosed a data breach affecting 2,278 individuals. The incident stemmed from a vulnerability in third-party software, which an unknown actor exploited to access files stored in the company’s customer relationship management system.

The breach was first detected on August 22, 2025, when a third-party service provider alerted Gravity Payments to the security flaw. An investigation, conducted with cybersecurity experts, confirmed unauthorized access to a limited set of files. A full review concluded on January 15, 2026, revealing that exposed data included names, Social Security numbers, and other personally identifiable information (PII), though specific details beyond these categories remain undisclosed.

Gravity Payments reported the incident to the attorneys general offices of Maine and Vermont, with 14 affected individuals in Maine and four in New Hampshire. The company has begun notifying impacted customers and is offering free credit monitoring and identity restoration services through Experian for those who enroll within 90 days of receiving a notification.

Affected individuals may also be eligible for compensation, as law firm Shamis & Gentile P.A. is investigating potential legal claims related to the breach. Gravity Payments has established a dedicated assistance line (833-931-5050) for further inquiries.

Source: https://www.claimdepot.com/investigations/gravity-payments-data-breach-2026

Gravity Payments cybersecurity rating report: https://www.rankiteo.com/company/gravity-payments

"id": "GRA1770325911",
"linkid": "gravity-payments",
"type": "Breach",
"date": "8/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '2278',
                        'industry': 'Credit card processing, small business '
                                    'solutions',
                        'location': 'Seattle, Washington, USA',
                        'name': 'Gravity Payments',
                        'type': 'Financial services provider'}],
 'attack_vector': 'Third-party software vulnerability',
 'customer_advisories': 'Free credit monitoring and identity restoration '
                        'services through Experian (90-day enrollment window), '
                        'dedicated assistance line (833-931-5050)',
 'data_breach': {'number_of_records_exposed': '2278',
                 'personally_identifiable_information': 'Names, Social '
                                                        'Security numbers',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Personally Identifiable '
                                             'Information (PII)'},
 'date_detected': '2025-08-22',
 'date_resolved': '2026-01-15',
 'description': 'Gravity Payments disclosed a data breach affecting 2,278 '
                'individuals due to a vulnerability in third-party software, '
                'which an unknown actor exploited to access files stored in '
                'the company’s customer relationship management system. '
                'Exposed data included names, Social Security numbers, and '
                'other personally identifiable information (PII).',
 'impact': {'data_compromised': 'Names, Social Security numbers, and other PII',
            'identity_theft_risk': 'High',
            'systems_affected': 'Customer relationship management system'},
 'investigation_status': 'Completed',
 'post_incident_analysis': {'root_causes': 'Third-party software '
                                           'vulnerability'},
 'references': [{'source': 'Gravity Payments disclosure'}],
 'regulatory_compliance': {'legal_actions': 'Potential legal claims (Shamis & '
                                            'Gentile P.A.)',
                           'regulatory_notifications': 'Attorneys general '
                                                       'offices of Maine and '
                                                       'Vermont'},
 'response': {'communication_strategy': 'Customer notifications, dedicated '
                                        'assistance line',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': 'Unknown',
 'title': 'Gravity Payments Data Breach Exposes Sensitive Information of Over '
          '2,200 Individuals',
 'type': 'Data Breach',
 'vulnerability_exploited': 'Security flaw in third-party software'}