SD Worx halts UK payroll, HR services after cyberattack
Customer portal remains inaccessible
European HR and payroll management company SD Worx has been forced to shut down the IT infrastructure that supports its payroll and HR services in the UK.
The company started informing customers on Monday that its UK and Ireland division had been the target of a cyberattack, forcing the company to close its IT systems to contain the damage.
"Our security team has discovered malicious activities in our hosted datacentre last night," the company said in an advisory to UK and Ireland customers.
SD Worx claims to have taken "prompt" action by proactively isolating its systems and servers to prevent additional damage.
Consequently, the customer portal for SD Worx in the UK is currently inaccessible, although the login portals for other European countries are functioning normally.
"It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status," the company said.
SD Worx employs more than 7,000 people and caters to 5.2 million employees across 82,000 companies. The company reported net turnover exceeding €962 million in 2022.
Last year SD Worx expanded its market presence by acquiring the Croatian HR and payroll software provider HRPRO, helping it expand to Central and South-Eastern Europe.
It also bolstered its position in Spain and Ireland by acquiring Integhro and Intelligo, respectively.
As an HR and payroll company, SD Worx deals with a high volume of sensitive employee data.
A customer told BleepingComputer that it has concerns about the possibility of data theft following the attack.
The data SD Worx handles can include tax-related information, government ID numbers, full names, addresses, birth dates, phone numbers, bank account numbers and employee evaluations, among other details.
In a statement to BleepingComputer the company said the attack did not involve ransomware, and there is currently no indication to suggest that any data has been compromised.
The cyberattack on SD Worx is the latest in a series of attacks targeting payroll and HR management firms.
In 2021, PrismHR was the victim of a cyberattack that resulted in a significant customer outage.
Also in 2021, a ransomware attack hit workforce management solutions provider Ultimate Kronos Group (UKG), impacting its private cloud services including Workforce Central, TeleStaff, Banking Scheduling Solutions and Healthcare Extensions.
Microsoft reported earlier this year that it was monitoring more than 100 ransomware groups that had deployed more than 50 distinct ransomware families by the end of 2022.
The company warned that criminals were capitalising on techniques such as phishing, fake software updates and unpatched vulnerabilities.
As per Microsoft, phishing attacks are the most prevalent approach employed by attackers to gain initial access to networks.
The company also raised concerns about the surge of malvertising as the first stage of attacks, where criminals purchase online advertisements for products that, when downloaded and installed, infect the user's system with malware.
The attackers then exploit the malware to distribute ransomware.