Polish Mobile Payment System BLIK Suffers Damaging DDoS Downtime

In early November 2025, Poland’s leading mobile payment system BLIK suffered a severe disruption when its infrastructure was hit by a distributed denial-of-service (DDoS) attack. For millions of users, the damage involved payment failures, delayed transactions, and a hit to confidence in one of the country’s core payment systems.

What Happened

On Saturday morning, November 1, the operator of BLIK, a service run by the Polish Standard Płatności, acknowledged that an external DDoS attack was underway and was causing problems for its service. Reports of failed payments and system issues escalated quickly. Users across multiple banks in Poland reported being unable to generate the required codes for transactions or complete transfers via their mobile banking apps. By around 10:33 am, the operator announced that transactions should return to normal, and later in the evening it declared the infrastructure secured and fully monitored.

Officials confirmed that the DDoS attack targeted the national infrastructure via BLIK and was likely externally orchestrated. Deputy Prime Minister and Minister of Digital Affairs Krzysztof Gawkowski acknowledged the incident as a DDoS attack on Poland’s clearing infrastructure.

Why This Matters

BLIK is used by most banks across Poland, enabling instant payments online, in stores and via mobile apps, handling millions of transactions daily. Any disruption therefore has material business impact.

Service interruptions like this have multiple consequences:

  • Lost revenue from failed payments
  • Reputational damage to the service and the banks
  • User frustration
  • Possible regulatory scrutiny

A payment provider cannot afford even short periods of downtime. This incident underscores how DDoS attacks – traditionally thought of as nuisance events – pose serious business continuity risks for financial-services platforms.

The Nature of the Attack

While full technical details are not public, reports confirm that this was a DDoS attack. The effect was immediate disruption across large numbers of users. What is significant here is that the attack targeted a critical payments platform – one that is foundational to day-to-day commerce in Poland.

The fact that users were blocked from completing transactions shows how a DDoS event can rapidly translate into a real-world outage for payments, not just a degraded service. On one hand, the speed with which the service was restored (within hours) shows that the attack was mitigated. On the other hand, it also reveals the extent to which the system was vulnerable, a weakness the attackers exploited. This underscores that even well-established payment platforms may lack full readiness for DDoS attacks, despite deploying extensive DDoS defenses.

What Could Have Prevented It: Proactive DDoS Validation

This incident provides a clear lesson for payment service providers: you cannot treat DDoS risk as theoretical. Rather, defenses must be validated continuously and proactively, and any gaps closed before they are exploited.

According to the 2025 survey by MazeBolt of 300 CISOs and senior security leaders in banking, financial services and insurance, 86 percent of enterprises test their DDoS defenses only once a year or less. That minimal testing frequency means long windows of unvalidated exposure.

DDoS testing remains ineffective because traditional DDoS testing is disruptive and requires maintenance windows on the live production environment. Continuous DDoS testing identifies misconfigurations, performance bottlenecks, latent vulnerabilities, and drift in the defenses long before an attacker exploits them.

If BLIK’s operator had had a continuous, nondisruptive DDoS-testing regime in place – running ongoing simulations of volumetric floods, API-layer attacks, bursting traffic patterns, etc. – the risk of interruption would have been significantly reduced. In this scenario, the service would have been able to validate that its upstream filtering, traffic scrubbing, rate-limiting and routing logic held up under stress. It also would have been able to fix any gaps ahead of time, ensuring that a real DDoS attack did not turn into damaging downtime.

For payment-platform operators, continuous DDoS testing brings business-continuity assurance – not just protection. It removes reliance on scheduled test windows and moves the defense model into the realm of real-time readiness.

Payments Platforms Need Continuous DDoS Testing

The BLIK disruption serves as a stark reminder that any payments platform, especially one as central and widely used as BLIK, must have DDoS testing and remediation built not just into its protection tools, but into its assurance processes. DDoS testing once a year is no longer sufficient.
