Brinztech Alert: Data of Avalara are on Sale

Dark Web News Analysis

A threat actor on a known cybercrime forum is claiming to sell a partial database that they allege was stolen from Avalara, a major provider of tax compliance software used by thousands of businesses worldwide. According to the seller’s post, the breach occurred in September 2025. The purportedly compromised data includes a wide range of highly sensitive information, such as API tokens, employee data from major corporations, order metadata, and shipping details. The actor’s claims specifically mention that Avalara’s customer base includes giants like Amazon, Microsoft, and Morgan Stanley.

This claim, if true, represents a security incident of the highest severity. Avalara is a central and trusted component in the e-commerce and financial transaction ecosystem. A breach of its systems, especially one that exposes API tokens, is a catastrophic supply chain attack. ¹ It could provide a malicious actor with the keys to access, manipulate, or steal the sensitive tax and transaction data of every single company that relies on Avalara’s services.  

Key Cybersecurity Insights

This alleged data breach presents a critical and widespread supply chain threat:

• A Catastrophic Supply Chain Attack on Global Commerce: The primary and most severe risk is the potential for a massive supply chain attack. A single breach at a core tax compliance provider like Avalara could instantly expose the sensitive financial and transactional data of thousands of other companies, creating a systemic crisis.
• High Risk of Sophisticated Financial Fraud: The alleged leak of API tokens, order metadata, and shipping details is a goldmine for fraudsters. An attacker could potentially use this information to manipulate tax calculations, intercept tax-related communications, or launch highly convincing invoice fraud scams against Avalara’s clients.
• “Freshness” Claim Increases Urgency: The claim that the breach is from the current month (September 2025) is a tactic to signal that the data and any compromised tokens are extremely fresh and likely still active. This increases the urgency for Avalara and its clients to respond immediately.

Mitigation Strategies

In response to a supply chain threat of this nature, Avalara and its clients must take immediate action:

• Launch an Immediate Investigation and Full Partner Notification: The highest priority for Avalara is to conduct an urgent, massive-scale forensic investigation to verify the claim’s authenticity. It is also their critical responsibility to proactively and transparently notify all of their clients about the potential breach so those organizations can take immediate defensive measures.
• Activate Third-Party Risk Management for all Clients: Any company that uses Avalara for tax compliance should immediately activate its third-party risk management and incident response plans. They must assume that their transactional data and API keys may be compromised and immediately rotate all credentials associated with the service.
• Mandate a Comprehensive Security Overhaul: A breach of this nature necessitates a complete review of Avalara’s security posture, with an emergency focus on auditing and securing all of its APIs. The company must enforce password resets and mandate Multi-Factor Authentication (MFA) on all customer and employee accounts.

Secure Your Organization with Brinztech As a cybersecurity provider, we can protect your business from the threats discussed here. Contact us to learn more about our services.

Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com