.png)
Gravity Payments Data Breach Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Gravity Payments data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Gravity Payments
Gravity Payments is a financial services company that has been providing credit card processing and related solutions since 2004. Headquartered in Seattle, the company also operates offices in Boise and Honolulu.
Gravity Payments serves a wide range of independently owned businesses, franchises and industries such as retail, healthcare and food and beverage. The company also offers specialized products for law firms and bridal stores, as well as small business financing.
What Happened?
On or around Aug. 22, 2025, Gravity Payments was informed by a third-party service provider of a vulnerability in their software. This vulnerability allowed an unknown actor to gain access to certain files belonging to Gravity Payments that were stored in customer relationship management software.
Upon learning of the incident, Gravity Payments launched an investigation with the help of cybersecurity experts. The investigation determined that an unauthorized third party accessed a limited number of files.
A thorough review of the affected files was completed on Jan. 15, 2026, and it was found that some individuals' personal information may have been compromised. As of the current disclosures, the other exposed types of information are unknown but could relate to Social Security numbers, addresses, dates of birth, or other PII.
Information Exposed:
- Names
- Other personal information (as specified in individual notifications)
The breach was disclosed to the attorneys general offices of Maine and Vermont. The breach has affected a total of 2,278 individuals, including 14 in Maine.
Your Rights and Next Steps
If you received a notice from Gravity Payments, it is important to take steps to protect yourself from potential identity theft or fraud. Here are some actions you can consider:
- Enroll in the free credit monitoring and identity restoration services offered through Experian. Make sure to enroll within 90 days of receiving the notification letter.
- Regularly review your account statements and credit reports for any suspicious activity. You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian and TransUnion).
- Consider placing a fraud alert on your credit file. This will require creditors to contact you before opening new accounts or making changes to existing accounts.
- You may also place a security freeze on your credit reports, which restricts access to your credit file and can help prevent new accounts from being opened in your name without your consent.
- Stay vigilant for signs of identity theft and report any suspicious activity to law enforcement and the Federal Trade Commission.
If you have additional questions, Gravity Payments has set up a dedicated assistance line at 833-931-5050, available Monday through Friday from 8 a.m. to 8 p.m. Central Time.
You May Be Entitled to Compensation
If your personal information was exposed in the Gravity Payments data breach, you may have the right to seek compensation for any harm or inconvenience you experienced. Lawyers are ready to help affected individuals understand their rights and pursue potential claims.
To find out if you are eligible to join a lawsuit related to this data breach, complete the below form. This is the first step toward holding companies accountable and protecting your rights after a data breach.
.svg)