Cloud applications from global tax and accounting giant Wolters Kluwer were targeted by malware during the past week, disrupting services overnight for some US users.
The ongoing Malware update on the developer’s corporate site reported last Tuesday: “On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline.”
The affected applications included CCH Axcess, CCH Account Research Manager, the TaxWise online filing system and CCH Global fx, which were all restored on 7 May.
Working with external forensic advisers, the company reported that its network had been infected by malware on our network. In its latest statement, Wolters Kluwer said: “We can now confirm that over the past few days we have restored service to the vast majority of our customer applications and platforms.”
Stressing that its systems provide a “high degree of confidence”, the statement added that the malware attack had little impact in Europe, and did not apply to any UK services.
“We have not seen any evidence that customer data or systems were compromised or that there was a breach of confidentiality of customer data,” it added.
IRS deadline extensions
In the US the annual income tax filing deadline falls on 15 April, but there were later deadlines on 7 May for certain tax return types. As a result of the Wolters Kluwer CCH service interruption, the US Internal Revenue Service granted a seven-day extension for anyone affected by the breach.
Discussing the breach on AccountingWEB.com, Mike Skinner of Horne Cyber LLC explained that web applications are a top target for hackers. “The central problem with these applications is that they involve custom software code, which can be easily exploited by cybercriminals,” he wrote.
Cloud applications are now a reality for accountants around the world, and while they bring convenience and a higher level of data security than many office-based desktop systems, Skinner warned users not to abdicate their data responsibilities: “When companies rely on a third-party software like CCH Axcess to host their data or provide critical business functions, they are still responsible for a wide array of matters. These include the security, availability, process and confidentiality, to the privacy of what is hosted by the third-party vendor.”
His advice was to do your due diligence properly when selecting third-party vendors and to practise good cybersecurity.