Adyen (ADYEN:AMS), a multi-faceted payments provider, was hit by a Distributed Denial of Service (DDoS) attack last week. In a blog post, Adyen said the attacker was targeting their European data centers, with certain services experiencing degraded service or outages. The attack was marked as “resolved” on the next day, with Adyen explaining:
“Our teams activated mitigation strategies immediately upon detecting the attack. This included enabling anti-DDoS protections, scaling internal defenses, offloading traffic away from affected services, and deploying targeted filtering rules to block malicious traffic. We actively blocked the most aggressive sources of traffic coming from a very wide range of IP addresses. Our actions helped restore services after each wave of attack, though some services continued to experience degraded performance for some time. Once mitigated, our engineering teams worked to ensure all customer-facing systems were operating normally, while our platform operations teams kept customers informed throughout the incident with timely updates on impact and resolution progress.”
While Adyen moved rapidly to mitigate the assault, the DDoS highlights the challenging environment and the need for sophisticated cybersecurity operations to ensure digital services are not impacted by bad actors. Fortunately, Adyen did not report any data loss or breach of consumer information.
Thomas Gillan, CEO of BR-DGE, commented on the DDoS attack on Adyen, stating that this shows even the largest platforms can go down. He added that today, another inconvenience hit Spain and Portugal as these two countries experienced a major power and internet outage.
“These events serve as a stark reminder that single points of failure still exist, no matter how good the technology or how big the brand. Businesses of any size can never know for certain what is coming next, whether it is an infrastructure problem, a cyberattack, or something else entirely,” said Gillan. “It is the same for payments: there is no silver bullet, and no single provider can guarantee zero disruption. Merchants should instead focus on building real disaster recovery and business continuity into their payment infrastructure, to ensure resilience is incorporated into the business model by design. Particularly for large enterprise groups, this approach is no longer optional.”
Gillan believes that as the world changes, payment providers must change too, preparing for the worst-case scenario just in case it happens.
Adyen stated that a post-incident review, including long-term prevention measures, will be made available soon.