Top Stories
Top Stories
Cybersecurity

A malware attack against accounting software giant Wolters Kluwer is causing a 'quiet panic' at accounting firms

Key Points
  • Wolters Kluwer is a tax accounting software and cloud services company that serves a significant portion of U.S. accounting firms, banks and Fortune 500 companies.
  • The company was victim of a malware attack that begin shutting down access to vast databases of tax return information Monday morning, with downtime stretching into Wednesday.
  • Risk management VP Elizabeth Queen told CNBC the company is working "around the clock" to restore service.
Hill Street Studios LLC | DigitalVision | Getty Images

A malware attack on Wolters Kluwer, a popular tax and accounting software platform, has left many in the accounting world unable to work this week and sparked concerns about the security of the tax return and financial information stored on the company's cloud servers.

Wolters Kluwer provides software and services to all of the top 100 accounting firms in the U.S., 90% of top global banks and 93% of Fortune 500 companies, according to its web site. Many of its tax and accounting services, as well as vital storage services, have been down since early Monday morning, leaving customers unable to work, access customer tax returns or personal information, during a busy filing period (taxes for non-profit organizations are due May 15). The approximately $4.8 billion company is headquartered in The Netherlands.

While the company did not comment on how many of its customers were impacted by the downtime, CNBC spoke to accountants and cybersecurity specialists across the U.S., from the biggest firms down to independent operations, who described significant and ongoing problems accessing their customers' data. One accountant at a large, Midwest-based accounting firm, said that the accounting world was in a "quiet panic" over the attack. This person requested anonymity to protect his clients.

"We have a really close relationship with our customers, and we understand that this situation impacted their day-to-day work," Elizabeth Queen, vice president of risk management for Wolters Kluwer, told CNBC. "We're working around the clock to restore service, and we want to provide them the assurance that we can restore service safely. We've made very good progress so far." Queen said the company has contacted authorities and third-party forensic teams to investigate the incident.

Queen reiterated a written statement issued yesterday by the company, which said "We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing."

Difficult communication and inaccessible data

The attack started around 8am Eastern Time on Monday. Queen said she could not yet release information on the specific type of attack against the company. But the incident is reminiscent of the NotPetya ransomware attacks of 2017, which spread quickly throughout firms, knocking out services including voice and email, and rendering huge databases of documents inaccessible.

After the attack, Wolters Kluwer took many of its systems offline, including "communications systems," to prevent the malware from spreading further. This made it difficult for accountants and IT staff to reach the company for information about the incident.

"It really gave us the opportunity to investigate the problem safely," Queen explained. "It takes time to gather information, and we are informing our customers and employees about the situation, updating them as best we can."

One accountant in the Southeast said his investment firm uses to store client tax returns, working papers and other important information. He asked to speak to CNBC on background because he is not authorized by his employer to speak to media.

The accountant said he was still unable to access documents stored in Wolters Kluwer cloud servers as of 2:20 p.m. ET Wednesday, and that his firm was unable to get much information from the company because of the downed communications channels, including customer service numbers he said his firm typically uses.

"Since Tuesday, it was the same thing, no new information," he said.

On Wednesday afternoon, Wolters Kluwer provided the accountant's firm with a back-up customer service number. When called, the new technical support number yielded a message saying "we do not have a specific timeline for when we expect to have service fully restored."

A cybersecurity professional at one Big Four accounting firm said she had received reassurances from Wolters Kluwer that account information had not been accessed. But she also said her firm took additional precautions to "limit any possible exposure" to the malware attack through the accounting giant's technology connections to the software company.

"We're, of course, watching it closely and having our own people look at the problem," she said. The cybersecurity professional asked to remain anonymous because she is not authorized to speak to media.

The accountant from the Midwest-based accounting firm said that data loss was his "primary concern." But he said he'd only received one call from a client asking about data.

"I'd characterize it as a bit of a 'quiet panic' right now in the corporate accounting world, without a lot of information," he said.

For the clients who need to file by May 15, the accountant said he is coming up with a back-up plan: "Do it by hand."

VIDEO6:2306:23
Shifting 'threat landscape' and the cloud are 'great secular growth drivers' for Proofpoint, CEO says