Malware Attack Against Wolters Kluwer Angers Firms And Delays Work

Wolters Kluwer’s malware attack that shut down access to massive databases of tax information on May 6, is not only stopping work at accounting firms around the country but also raising fears about the safety of client data.

The company released a statement saying that it is working “around the clock” on the issue and that service has been restored “to a number of applications and platforms.”

Firms have been outraged by the delay, and nonprofit clients with a May 15 tax deadline are being impacted the most.

Accounting professionals began airing their concerns in almost 500 comments on Reddit. One reads, “If this is indeed a crypto attack that has disabled Axcess, e-filing, support website and even the phone system, then this really means that CCH is in no position to even be offering Software-as-a-Service because such an incident would mean they don’t understand the basics of cloud security.”

No information on the specific type of attack against the company has been released. Because the company took many of its systems offline after the attack – to prevent it from spreading further ­– accountants and IT staff were initially unable to reach the company, which is based in the Netherlands. Wolters Kluwer provides software and services, including the popular cloud-based CCH products, to all of the top 100 accounting firms in the U.S., according to its website.

“CCH needs to think long and hard about how their network infrastructure is set up, just like how all its clients are going to think long and hard about whether or not to stick around,” reads another Reddit comment. “I mean my God, one chink in the armor half-way around the world brought down their entire global infrastructure. This is why you need proper network segmentation and isolation.” Meanwhile, marketing professionals were scrambling to determine the best way to communicate with clients.

Wolters Kluwer is being bombarded with questions and criticism on Twitter. Many say the company is failing to be transparent. Consider this Tweet: “Like everyone else, I don’t know what to tell my staff or my clients. Our website is hosted through CCH and even that is down. From a client’s perspective this is OUR problem. It’s impossible to even tell them what’s wrong if we don’t have a clue. This information is not enough.”

Wolters Kluwer issued a statement that says client data is safe. Its website says, “We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications.” (See all Wolters Kluwer statements here.)

With these developments, it might be smart for these large government organizations to consider working with a trusted international cybersecurity firm similar to FraudWatch International ( to reduce the chance of breaches in client data in the future but only time will tell if they make these kinds of changes.