Wolters Kluwer is a tax accounting software and cloud company. They service a huge number of U.S. accounting firms, includes banks and Fortune 500 companies also.
A malware attack which started Monday morning began shutting down access to vast array of databases of tax return information, and said downtime has reached past this Wednesday.
Risk management VP Elizabeth Queen has said that the company is working “around the clock” to restore service.
Malware has silently hit Wolters Kluwer’s tax and accounting software platform and has crippled the accounting world from working this weekend and the accounting world are now concerned out the security of the tax return and financial information that they have stored on the company’s cloud servers.
Most of the top 100 accounting firms in the U.S., 90% of top global banks, and 93% of Fortune 500 companies according to Wolters Kluwer uses their platform. Their tax and accounting services together with vital sotrage services have been down since Monday morning. Customers were unable to work, access tax returns or personal information during this busy filing period (which is critical for non-profit organizations that are due to May 15). Wolters Kluwer is valued at approximately $4.8 billion and has its headquarters inn the Netherlands.
They did not disclose how many of its customers were affected by the downtime and impacted clients are maintaining their anonymity to protect their clients. They have been working 24 hours to mitigate the issue. They are fully aware that their customers have been impacted from their day-to-day work. Elizabeth Queen, vice president of risk management for Wolters Kluwer said that they have contacted authorities and third-party forensics teams to investigatre the incident.
Queen reiterated a written statement issued yesterday by the company, which said “We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing.”
The attack began Monday at around 8AM Eastern Time. They have not released information on the specific type of attack that hit them. But the incident is reminiscent of the NotPetya ransomware attacks of 2017, which spread quickly throughout firms, knocking out services including voice and email, and rendering huge databases of documents inaccessible.
Upon learning about the attack, Wolters Kluwer took initiative and had their systems immediately offline including their communication systems to prevent malware from spreading. This resulted to having accountants, IT staff, and clients
unable to get a hold of them and get information about what happened.
Being offline gave them the opportunity to investigate the problem safely. It is time consuming gathering information on how to fix the issue. However, they are still in constant contact with their customers and employees about the situation and continuously updating them as best as they can.
Some accountants were still unable to access documents stored in Wolters Kluwer cloud servers as of Wednesday 2:20PM EST. They have complained that the firm was unreacheable since they have downed their communications channels specially their customer service lines which they normally get a hold of.
There are still no new information released and have no estimated time for restoration.
A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to “limit any possible exposure” to the malware attack through the accounting giant’s technology connections to the software company.
“We’re, of course, watching it closely and having our own people look at the problem,” she said. The cybersecurity professional asked to remain anonymous because she is not authorized to speak to media.
The accountant from the Midwest-based accounting firm said that data loss was his “primary concern.” But he said he’d only received one call from a client asking about data.
“I’d characterize it as a bit of a ‘quiet panic’ right now in the corporate accounting world, without a lot of information,” he said.
This is an unfortunate event. Specifically to the clients who need to file by May 15. They should consider doing things manually for now until Wolters Kluwer has resolved the issue.