A malware attack against accounting software giant Wolters Kluwer is causing a ‘quiet panic’ at accounting firms

A Malware Attack on Wolters Kluwer Sparks Quiet Panic in Accounting Firms

In May 2019, Wolters Kluwer, a global provider of tax and accounting software, experienced a significant malware attack that disrupted operations for numerous accounting firms, banks, and Fortune 500 companies. The incident caused widespread concern within the financial sector and highlighted vulnerabilities in the digital infrastructure of critical industries.

The Scope of Wolters Kluwer’s Impact

Wolters Kluwer is a cornerstone of the accounting and financial services industries, serving all of the top 100 U.S. accounting firms, 90% of global top banks, and 93% of Fortune 500 companies. Their software and cloud services are essential for tax preparation, financial reporting, and data storage. Headquartered in the Netherlands, the company generated approximately $4.8 billion in revenue in 2019, reflecting its vital role in global financial operations.

The malware attack began on May 6, 2019, at 8:00 AM Eastern Time, prompting the company to take numerous platforms offline to contain the damage. This included critical systems used for communication and client services. The outage left accounting professionals unable to access client tax returns, working papers, or other vital financial information.

This disruption coincided with a critical tax filing period for non-profit organizations, intensifying the impact on accountants and firms. The inability to access cloud-stored data forced many professionals to adopt manual methods to meet looming deadlines—a stark contrast to the digital efficiencies they rely upon.

The Attack: Details and Timeline

While Wolters Kluwer did not disclose the specific nature of the malware, cybersecurity experts drew comparisons to the 2017 NotPetya ransomware attack. NotPetya caused widespread havoc by encrypting data and rendering entire systems unusable, disrupting businesses globally. Similarly, the Wolters Kluwer attack involved rapid system compromises, leading the company to isolate its infrastructure to prevent further spread.

By midweek, Wolters Kluwer had begun restoring some services, but many users reported ongoing access issues. Elizabeth Queen, Vice President of Risk Management at Wolters Kluwer, stated that the company was working “around the clock” to resolve the situation. However, the attack’s magnitude and the temporary shutdown of communication systems made it difficult for affected clients to stay informed.

“It really gave us the opportunity to investigate the problem safely,” Queen said. “It takes time to gather information, and we are informing our customers and employees about the situation, updating them as best we can.”

Communication Breakdowns and Client Frustrations

The decision to disable communication systems—a necessary precaution to prevent malware propagation—created significant challenges for both Wolters Kluwer and its clients. Accountants across the country described difficulties in contacting customer support or obtaining updates about the status of the restoration efforts.

One accountant in the Southeast explained that his firm, which relies on Wolters Kluwer’s cloud servers for client data, was unable to access documents by midweek. The firm resorted to contacting a newly provided backup support number, only to receive a generic message indicating no timeline for full restoration.

“It’s frustrating to operate in the dark,” the accountant said. “We’ve got filing deadlines, and clients are asking questions we can’t answer because we simply don’t know what’s happening.”

Similarly, a cybersecurity professional at a Big Four accounting firm noted that her team had implemented additional safeguards to limit potential exposure. She said her firm was in close contact with Wolters Kluwer, but the uncertainty surrounding the situation made proactive measures critical.

The Quiet Panic in the Accounting World

The timing of the malware attack heightened its impact. Many accounting firms were in the midst of preparing returns for non-profit organizations, which face a May 15 filing deadline. For smaller firms, which lack the IT resources of larger corporations, the attack posed existential challenges.

One accountant from a Midwest-based firm described the atmosphere as one of “quiet panic.” While clients were not panicking en masse, the lack of access to critical data and the uncertainty about data integrity created a sense of unease within the accounting community.

“I’d characterize it as a bit of a ‘quiet panic’ right now in the corporate accounting world, without a lot of information,” he said. “For the most part, clients have been understanding, but if this stretches on much longer, it could become a serious issue.”

Data Security Concerns

A key concern during the incident was whether sensitive client data had been accessed or compromised. Wolters Kluwer issued reassurances, stating that their investigation had found no evidence of data exfiltration or breaches of confidentiality. However, the attack raised broader questions about the security of cloud-based systems in the accounting industry.

Elizabeth Queen emphasized that no evidence suggested customers had been infected via Wolters Kluwer’s platforms. Still, firms took precautions, including isolating systems and conducting internal audits to ensure no residual malware was present. These measures were particularly crucial for large organizations, which have interconnected systems that could amplify the effects of a malware attack.

Cybersecurity in the Financial Sector

The Wolters Kluwer incident underscores the critical importance of robust cybersecurity measures in industries that handle sensitive financial data. The financial sector is a prime target for cybercriminals due to the high value of the data stored on its systems.

In recent years, ransomware and malware attacks have become increasingly sophisticated. Cybercriminals exploit vulnerabilities in software, employee behavior, and third-party integrations to infiltrate systems. For companies like Wolters Kluwer, which serve as hubs for vast amounts of data, the stakes are even higher.

The attack also highlights the ripple effects of cyber incidents. When a single service provider experiences downtime, the impact can cascade across multiple industries, disrupting operations far beyond the immediate victim. This interconnectedness necessitates a proactive approach to risk management and incident response.

Lessons Learned and Future Preparedness

The Wolters Kluwer attack offers several key takeaways for the accounting and financial sectors:

1. Diversified Systems: Relying on a single service provider creates a single point of failure. Firms should consider diversifying their technology stack to mitigate risks associated with outages.
2. Incident Response Plans: Robust incident response plans, including clear communication protocols, can help organizations navigate crises more effectively.
3. Regular Security Audits: Routine security audits and penetration testing can identify vulnerabilities before they are exploited.
4. Employee Training: Human error remains a common entry point for cyberattacks. Regular training on recognizing phishing attempts and following security protocols is essential.
5. Backup Strategies: Ensuring offline access to critical data can prevent disruptions during service outages.

Wolters Kluwer’s Road to Recovery

As Wolters Kluwer worked to restore services, it faced the challenge of rebuilding trust with its clients. Transparency and consistent communication were crucial in reassuring customers about the safety and reliability of its platforms.

In its post-incident analysis, the company highlighted improvements to its security infrastructure and incident response capabilities. These measures aimed to prevent future incidents and demonstrate a commitment to protecting client data.

Conclusion

The malware attack on Wolters Kluwer serves as a cautionary tale for the accounting and financial industries. It exposed vulnerabilities in digital systems and emphasized the importance of cybersecurity in safeguarding sensitive information. While the immediate crisis was eventually resolved, the incident prompted a reevaluation of risk management practices across the sector.

As cyber threats continue to evolve, organizations must remain vigilant and proactive in their defense strategies. The lessons learned from Wolters Kluwer’s experience can guide future efforts to strengthen resilience and ensure the continuity of essential services.