SD Worx, a Belgian HR and payroll giant that services 5.2 million employees for over 82,000 companies, suffered a cyberattack that led them to shut down all IT systems for its UK and Ireland services.
According to the company, its security team discovered malicious activities in the hosted data center, and they have taken immediate action by preventing access to all systems and servers to mitigate any further impact.
The company’s UK customer portal is currently not accessible, and while there is no information about the type of cyberattack the company suffered, a customer has expressed concerns about sensitive data being stolen during the attack.
As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for its clients’ employees, including tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, and employee evaluations, among others.
In the past, attacks against payroll and HR management companies have led to lawsuits for inadequately protecting customers’ data.
For instance, a cyberattack against PrismHR caused a massive customer outage in 2021, and later that year, a ransomware attack against Kronos led to the filing of a class action lawsuit against the company.
SD Worx emphasises that it applies extremely stringent organisational and technical security measures to secure the privacy and data of its customers at all times. The company is handling the incident with the highest priority and working hard to give customers access to its systems again. As of 4 October 2023, the company is still investigating the incident but has confirmed that it was not a ransomware attack.
SD Worx’s security breach highlights the importance of implementing strong security measures and preparedness protocols to mitigate the impact of cyberattacks on businesses and their customers.
