Gravity Payments Data Breach

In a recent data security breach, Gravity Payments, Inc. (“Gravity”), a credit card processing and financial services company, reported that unauthorized access to certain files containing personal information occurred between August 12 and August 23, 2025. Affected individuals, including those from Maine, are now being urged to take precautionary measures.

Gravity Payments’ Data Breach Investigation

On or around August 22, 2025, Gravity was alerted by a third-party service provider about a vulnerability in their software that allowed an unauthorized actor to access files stored in Gravity’s customer relationship management (CRM) software. The breach was identified promptly, and the company launched an investigation with the assistance of third-party cybersecurity experts. The investigation revealed that a limited number of files were accessed by the intruder.

To understand the full scope of the breach, Gravity conducted an exhaustive review of the affected files. This process concluded on January 15, 2026, when it was determined that personal information of some individuals, including names and other sensitive details, might have been compromised.

At this stage, the company has stated that there is no evidence suggesting that any personal information has been misused. Nevertheless, the breach raises significant concerns about the security of personal data, and Gravity has taken immediate actions to prevent further risk, including revoking the third-party service provider’s access to their data.

When Did This Breach Occur?

The breach occurred between August 12 and August 23, 2025, and was discovered on August 22, 2025. The company immediately took steps to secure their systems upon learning of the breach, but the full investigation and review of affected files did not conclude until mid-January 2026.

What Information Was Breached?

The personal information that was affected by the Gravity Payments data breach includes:

• Names

These data points were contained in files accessed by the unauthorized third party. However, it is important to note that no evidence of misuse has been reported thus far.

What You Can Do

If you believe your information may have been affected by this breach, there are several steps you should take to protect yourself:

1. Monitor Your Accounts: Regularly review your bank and credit card statements for unusual activity.

2. Credit Monitoring: Take advantage of the free credit monitoring and identity restoration services being offered by Gravity through Experian. Ensure that you enroll within 90 days from the date of the notification.

3. Identity Theft Vigilance: Stay alert for signs of identity theft and fraud. Be cautious of unsolicited communications asking for personal information.

4. Protect Your Data: Follow the instructions provided by Gravity to protect your information, including steps to activate the free services offered.

It’s critical to take these actions immediately to minimize the risk of identity theft and financial fraud.

File a Data Breach Lawsuit Against Gravity Payments

If you have received a data breach notification from Gravity Payments or believe your personal information may have been affected, you may be eligible to join a class action lawsuit to seek compensation for the harm caused by this breach.

Class action lawsuits are an effective way for consumers to hold companies accountable when they fail to protect sensitive data. If you have been impacted by the Gravity Payments breach, don’t stand alone. Join the class and fight for justice!

Contact us at Class Action U for a free consultation to determine if you have a case. We will connect you with a lawyer skilled in data breach lawsuits. Our services are quick, easy, and secure, and there’s no obligation after speaking with our legal team.