As previously disclosed, on May 6, Wolters Kluwer detected ransomware in a portion of our environment. While we proactively took a broad range of customer and internal applications and platforms offline to protect our systems, applications and customer data, only a small percentage of our products and applications were infected by the ransomware. Service to almost all of our customer applications and platforms that were taken offline was restored systematically between May 7 and May 12.
We promptly engaged CrowdStrike, a leading cybersecurity technology firm, to conduct a forensic investigation of the incident. This investigation has now been completed. CrowdStrike’s key findings are as follows:
- The firm has not observed any execution of the ransomware since May 6 or any evidence of data exfiltration from our network.
- All infected devices have been remediated or were decommissioned by Wolters Kluwer.
- Enhanced information security technology running on Wolters Kluwer’s systems are designed to detect and prevent the execution of a broad range of malware, including any of the malware associated with the incident.
Protecting the interests of our customers, employees and company is our top priority. Wolters Kluwer will continue to work vigilantly to maintain and continuously improve our cyber-readiness posture.
Forward-looking Statements and Other Important Legal Information
This report contains forward-looking statements. These statements may be identified by words such as “expect”, “should”, “could”, “shall” and similar expressions. Wolters Kluwer cautions that such forward-looking statements are qualified by certain risks and uncertainties that could cause actual results and events to differ materially from what is contemplated by the forward-looking statements. Factors which could cause actual results to differ from these forward-looking statements may include, without limitation, general economic conditions; conditions in the markets in which Wolters Kluwer is engaged; behavior of customers, suppliers, and competitors; technological developments; the implementation and execution of new ICT systems or outsourcing; and legal, tax, and regulatory rules affecting Wolters Kluwer’s businesses, as well as risks related to mergers, acquisitions, and divestments. In addition, financial risks such as currency movements, interest rate fluctuations, liquidity, and credit risks could influence future results. The foregoing list of factors should not be construed as exhaustive. Wolters Kluwer disclaims any intention or obligation to publicly update or revise any forward-looking statements, whether as a result of new information, future events or otherwise.