SD Worx forced to pause operations following cyberattack

(Image credit: Pixabay)

HR software and payroll powerhouse SD Worx suffered a cyberattack last week, forcing it to shut down some of its IT systems.

In a notification issued to potentially affected customers, SD Worx said it spotted malicious behavior in its networks and endpoints, so in order to isolate the threat, ceased operation of its systems for UK and Ireland customers.

"Our security team discovered malicious activities in our hosted data center last night,” the notification reads. “We have taken immediate action and have preventively isolated all systems and servers to mitigate any further impact. As a result, there is currently no access to our systems, which we deeply regret of course.”

Not a ransomware attack

As of today, the login portal for UK and Ireland customers is still offline, but other portals are working. 

"SD Worx emphasizes that it applies extremely stringent organizational and technical security measures to secure the privacy and data of its customers at all times. It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status,” the notification concluded."

When a company shuts down its IT systems after a cyberattack, it usually means it fell victim to a ransomware attack and lost sensitive files. However, SD Worx confirmed to BleepingComputer that this wasn’t a ransomware attack and that so far, there’s no evidence of any data being taken.

"We are further investigating this case and can confirm that this is not a ransomware attack. Also, at this time there is no evidence to assume that any data has been compromised.  The reason why we have pre-emptively isolated our systems is to mitigate any further impact and adequately assess the threat."

SD Works has more than 80,000 clients, its website claims, servicing more than five million employees. Being an HR and payroll management firm, it handles plenty of sensitive information such as tax data, ID numbers, bank account numbers, phone numbers, and more. If this indeed turns out to be grand theft data, hackers could get their hands on some important information.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.