Public Statement - Network and Service Interruptions
Update May 16, 17.15 CEST
Following is an update on our progress regarding the May 6 interruption of our network and services:
We have now restored service to nearly all customer applications and platforms. To date, we have found no evidence that customer data or systems were compromised.
As previously stated, on Monday May 6, our IT team detected anomalies in some devices and servers and, upon investigation, discovered malware. The malware detected was a new (“zero-day”) strain, for which the signature was then unknown, and there was not an existing antivirus solution available to detect the presence of the malicious code. The malware involved in this incident is designed to infiltrate, encrypt files, and disrupt business.
In response, out of extreme caution, we took a very broad range of customer and internal applications and platforms (including our VoIP phone systems) offline. We notified law enforcement regarding the incident.
After initially containing the malware, we began reinforcing protective measures. Our enterprise anti-virus vendors have provided us with updated detection files. Over several days, we then worked to bring systems and applications back on-line. This process involved system-by-system and application-by-application assessment, scanning, testing, and quality assurance protocols designed to provide protections that when we return to service, we do so in a safe and secure way.
Our investigation of the incident is on-going. Further updates will be provided.
Update May 13, 10.00 CEST
As an update on the interruption of our network and services reported on May 6, we can now confirm that over the past few days we have restored service to the vast majority of our customer applications and platforms. Our processes and protocols provide a high degree of confidence in the security of our applications and platforms before they are brought back online. We reiterate that as of today we have not seen any evidence that customer data or systems were compromised or that there was a breach of confidentiality of customer data.
We continue to work around the clock to restore remaining services and we are actively communicating with our customers to update them on the latest status and to provide guidance and support.
The IRS has approved extensions for tax return types 990, 1120 and 1065 filings that were impacted by the May 6 service interruption of Wolters Kluwer CCH software. Impacted filers now have until May 22, 2019, a 7-day extension, to file. As long as the filing is done on or before the extension date, it will not be considered late by the IRS and, consequently all related penalties and interest will be waived. We notified customers of this extension on Friday, May 10.
The investigation continues and further updates will be provided.
Update May 9, 18.00 CEST
Since May 7, we were able to begin restoring service to a number of applications and platforms. We have already brought online several of our systems, including CCH SureTax and CCH Axcess. We're working around the clock to restore service. Our process and protocols assure a high degree of confidence in the security of our applications and platforms before they are brought back online. We have seen no evidence that customer data and systems were compromised or that there was a breach of confidentiality of that data.
At this time, we have notified law enforcement and our investigation is ongoing. We regret any inconvenience this has caused, and we are fully committed to restoring remaining services as quickly as possible for our customers.
Update May 8, 17.00 CEST (applicable until May 20, 19.00 CEST)
For our customers in North America: As we continue to bring our support centers back online, please use this temporary number 800-930-1753 to contact us. While we may not be able to directly answer your question, we will forward your inquiry internally to the appropriate party.
Statement May 7, 2019
On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates.
On May 7, we were able to restore service to a number of applications and platforms.
We regret any inconvenience and that we were unable to share more information initially, as our focus was on investigation and restoring services as quickly as possible for our customers.
We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing. We want to apologize for any inconvenience this may have caused.
Statement May 6, 2019, 17.00 CEST
We are experiencing network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of an abundance of caution, we proactively took offline a number of other applications as we continue to investigate any impact. We apologize to our customers for the inconvenience and appreciate their patience.