Wolters Kluwer Tax & Accounting is keeping much of CCH’s functionality offline as a precaution against any possible further compromise of data, according to the company's latest announcement.
Following a
“The service interruption that began May 6 was due to our proactive efforts to isolate the threat, as well as the sequential nature in which we are restoring our suite of applications and platforms,” Marisa Westcott, vice president of global communications and marketing, said in a statement provided to media.
“At this time, we have notified law enforcement and our investigation is ongoing,” she continued. “We regret any inconvenience this has caused, and we are fully committed to restoring remaining services as quickly as possible for our customers.”
While unsubstantiated rumors circulate about how this breach occurred, and where it may have originated, cybersecurity expert Wesley McGrew. PhD, director of cyber operations for Horne Cyber, said it’s almost impossible to know how such a breach really starts.
“The investigation requires bringing in incident responders and security specialists to figure out how the [cybercriminals] got in in the first place,” he said. “Bringing the systems offline was done out of prudence — you can’t have people uploading files without knowing exactly what the situation is.”
Horne Cyber is a subsidiary company of Horne LLP, a firm that uses CCH products and was affected by the outage.
“Every indication is that [Wolters Kluwer Tax & Accounting] is doing what they should be doing,” McGrew said. “Responding and investigating, and they seem to be staging back online in a measured fashion, which is probably smart. The worst you can do is rush to get back online, still have an infection, and leak even more data.”
Regarding the compromise of client data, a letter from a regional representative sent to clients stated, "It’s important to clarify that although there was malware on our network, we have seen no evidence that customer data and systems were compromised or that there was a breach of confidentiality of that data."
This letter also stated that products would be brought back online in the following order:
- CCH SureTax (online)
- CCH Axcess (online)
- CCH AnswerConnect (online)
- CCH Intelliconnect (online)
- CCH Account Research Manager (online)
The following products are still in process:
- Electronic Filing System (ELF for medium and large firm customers)
- CCH Global fx
- ATX & TaxWise electronic filing
- TaxWise Online
The letter reiterated Wolters Kluwer's security response: "In short, the service interruptions you have experienced are primarily the result of our aggressive, precautionary efforts to ensure the safety of your data. This is why at this time we are confident that we see no indication of data loss or other effects, nor any potential risk to our customers’ data."
Update Friday May 10, 1:38 p.m. E.T.: The company updated media on product status:
Now online:
- CCH SureTax
- CCH Axcess
- CCH AnswerConnect
- CCH Intelliconnect
- CCH Account Research Manager
- Electronic Filing System (ELF for medium and large firm customers)
- ATX & TaxWise desktop electronic filing
- CCH Global fx
In process:
- TaxWise Online
