A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company’s cloud servers.
Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services, as well as vital storage services, have been down since early Monday morning, leaving customers unable to work, access customer tax returns or personal information, during a busy filing period (taxes for non-profit organizations are due May 15). The approximately $4.8 billion company is headquartered in The Netherlands.
While the company did not comment on how many of its customers were impacted by the downtime, CNBC spoke to accountants and cybersecurity specialists across the U.S., from the biggest firms down to independent operations, who described significant and ongoing problems accessing their customers’ data. One accountant at a large, Midwest-based accounting firm, said that the accounting world was in a “quiet panic” over the attack. This person requested anonymity to protect his clients.
“We have a really close relationship with our customers, and we understand that this situation impacted their day-to-day work,” Elizabeth Queen, vice president of risk management for Wolters Kluwer, told CNBC. “We’re working around the clock to restore service, and we want to provide them the assurance that we can restore service safely. We’ve made very good progress so far.” Queen said the company has contacted authorities and third-party forensic teams to investigate the incident.
Queen reiterated a written statement issued yesterday by the company, which said “We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing.”
Difficult communication and inaccessible data
The attack started around 8am Eastern Time on Monday. Queen said she could not yet release information on the specific type of attack against the company. But the incident is reminiscent of the NotPetya ransomware attacks of 2017, which spread quickly throughout firms, knocking out services including voice and email, and rendering huge databases of documents inaccessible.