This article is more than 1 year old

Late with your financial paperwork? Here's a handy excuse: Malware smacked your bean-counter cloud offline

Accountancy SaaS CCH falls over, thanks to nasty infection

A global software-as-a-service platform catering to accountants is in damage control mode after a malware infection knocked its services offline.

Netherlands-headquartered Wolters Kluwer, the software company behind the CCH suite of web-based tax preperation tools for professional accountants, said in a statement it does not believe any customer data (or any of its corporate data) was stolen during the cyber-outbreak.

The developer on Tuesday confirmed a report from Accounting Today that a Monday outage of CCH was indeed the result of an unspecified malware that had infiltrated its network.

"On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware," spokespeople for Wolters Kluwer said. "As a precaution, in parallel, we decided to take a broader range of platforms and applications offline."

Though Wolters Kluwer said that as of Tuesday it had been able to restore normal service for "a number of applications and platforms," multiple sites, including the CCH support portal, remained inaccessible at the time of writing, and customers have reported being unable to get into the service.

Some users have reported receiving notifications that the service would stay offline until Wednesday.

The company maintained that while the services were knocked offline, it does not have any indication that the malware had been able to access any customer data (though Wolters Kluwer notes that the investigation is ongoing, leaving plenty of time for that to change).


NSA foreign spying, biotech snooping, Hamas hackers bombed, airline cams, and much more from infosec land


"We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data," the dev said in its statement. "Also, there is no reason to believe that our customers have been infected through our platforms and applications."

Though there has been speculation the malware behind the attack was a ransomware strain, security firm Ariento (whose clients including accounting firms) is advising companies running CCH not to freak out just yet.

"Some strains of ransomware have back doors built into them that allow unauthorized access to data, and some do not (they simply try to extort money, but never give unauthorized access to the data)," noted Ariento partner Chris Rose.

"Assuming CCH has good backup in place, it is possible that even if they did get hit by ransomware, no data will be lost or accessed by a hacker, and there will be no data breach to report." ®

More about


Send us news

Other stories you might like