Dive Brief:

• Adyen was hit with a cyberattack this week that temporarily disrupted some of the payment processor’s services in Europe, the Dutch company said on its website. 
• The payment processor noticed something was amiss shortly before 7 p.m. Central European Summer Time (1 p.m. Eastern Daylight Time) Monday when monitoring systems noticed unusually high error rates in European payment systems, according to a post on Adyen’s website.
• “Our engineering teams immediately began investigating and quickly identified a [distributed denial of service] attack targeting services across our European datacenters,” said the April 21 post from the company’s chief technology officer, Tom Adams.

Dive Insight:

A distributed denial of service attack involves hackers overwhelming a website or online service with traffic to make it unusable for visitors.

“The attack unfolded in three distinct waves, each with a unique pattern that required continuous adjustments to our mitigation strategies,” Adyen’s website says. “As one wave was mitigated, a new wave with a different signature emerged. At peak, the attack generated millions of requests per minute, originating from a globally distributed and constantly shifting set of IP addresses.”

Certain services such as onboarding and money transfers were “degraded” during the attack, Amsterdam-based Adyen said. “These issues led to failed or delayed transactions for some customers during the affected timeframes,” the company’s website said.

The company provides merchants with payment processing services. Some of Adyen’s major customers include ride-share company Uber, online marketplace eBay and the streaming service Spotify.

An Adyen spokesperson did not respond to a message asking for more details on how services were affected, or whether U.S. operations were impacted.

The incident was marked “resolved” shortly after 3 a.m. Central European Summer Time Tuesday, Adyen said.

The company will make a “detailed post-incident review” available to customers which will include analysis of what happened and “long-term prevention measures,” the website said, but did not provide a timeline.

Distributed denial of service attacks are one of the most common forms of cyberattacks and often target financial services companies, Teresa Walsh, chief intelligence officer for the cybersecurity firm FS-ISAC said in an email.

“While DDoS attacks themselves rarely interrupt internal operations or extract data from cyber-mature financial services organizations, they can significantly impact credibility and customer trust,” she said.