Wolters Kluwer Cloud Accounting & Tax System Down To Malware Attack
Tax Accounting Firm Wolters Kluwer, valued at $4.8 billion is currently suffering a severe malware attack that forced the company to take down their tax returns database since May 6, 2019. A huge portion of the company’s clients are Fortune 500 companies (93%), U.S. banks (90%) and accounting firms (number undisclosed). As a host of their own cloud service for tax and accounting processing, their clients are not able to access their respective accounts and their data uploaded to the service. Coincdentally the U.S. non-profit organization filing deadline is on May 15.
“We have a really close relationship with our customers, and we understand that this situation impacted their day-to-day work. We’re working around the clock to restore service, and we want to provide them the assurance that we can restore service safely. We’ve made very good progress so far. We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing,” explained Elizabeth Queen, Wolters Kluwer VP of Risk Management.
The company refused to disclose the name of the malware that heavily infected their database servers. It is believed that the infection route is not a special one, but rather it only spread through email or instant messaging app, which crawl its way to lock down the company’s database used for their cloud taxing and accounting service. Wolters Kluwer admitted that the takedown of their servers was deliberate in order to stop the further spread of the unnamed malware, at the expense of their customers unable to access their data.
“(The take down) really gave us the opportunity to investigate the problem safely. It takes time to gather information, and we are informing our customers and employees about the situation, updating them as best we can,” added Queen.
The company has not revealed when they are planning to restore the services of the tax cloud servers, as they emphasize the need for the company to minimize public exposure of their system for quite a while to prevent further damage. As per KrebsOnSecurity, a blog site dedicated to revealing cybersecurity issues, it found out that a portion of the cloud-based system hosted by Wolters Kluwer was left open for anonymous access earlier prior to the takedown. Visible indications showed that someone with malicious goal uploaded malicious files in the remote storage hosted by Wolters Kluwer’s servers, a hence good indication of infiltration due to weak or lack of security on the part of the server’s admin.
“We regret any inconvenience and that we were unable to share more information initially, as our focus was on investigation and restoring services as quickly as possible for our customers. We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing. We want to apologize for any inconvenience this may have caused,” said Marisa Westcott, Wolters Kluwer’s Vice President for Global Marketing & Communications.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.