The European provider of payroll and HR services SD Worx has been forced to shut down UK and Ireland services after suffering a cyber attack. The Antwerp, Flanders, Belgium-based company said the attack came to light after detecting malicious activity on its hosted data center on April 10, 2023.
Subsequently, the company took “immediate action” to contain the threat and notified its customers about service unavailability.
With a workforce of over 7,000 HR professionals, SD Worx serves over 5 million employees and 82,000 regular customers in 150 countries. In 2022, it had a consolidated revenue of over €962 million ($1.05 billion).
A cyber attack disrupts SD Worx HR services in the UK and Ireland
European HR and payroll management company SD Worx shut down servers in the UK and Ireland division and began notifying customers that it had suffered a cyberattack.
“Our security team has discovered malicious activities in our hosted data centre last night. We have taken immediate action and have pre-emptively isolated all systems and servers to mitigate any further impact,” the company told UK and Ireland customers.
UK clients who attempted to access the customer portal received a “504 Gateway Timeout” error.
“As a result, there is currently no access to our systems, which we deeply regret of course,” the HR services company said.
However, Irish Intelligo customers were spared because their systems are independent of SD Worx systems.
Nevertheless, the HR services company said it was doing its best to restore access to the impacted systems.
“It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status.”
However, the Belgian HR services giant did not give a timeline for resolving the cyber attack.
SD Worx: the cyber incident was not a ransomware attack
Despite its incident response suggesting a ransomware attack, the HR services company denied that allegation.
Additionally, SD Worx dispelled customers’ fears that sensitive data was stolen during the cyber attack.
“We are further investigating this case and can confirm that this is not a ransomware attack. Also, at this time, there is no evidence to assume that any data has been compromised.”
Additionally, the HR services company assured its customers that it took the security and privacy of their sensitive data seriously.
“SD Worx emphasizes that it applies extremely stringent organizational and technical security measures to secure the privacy and data of its customers at all times.”
However, customers should remain cautiously optimistic because the full impact of a cyber attack often becomes clear months after the incident.
SD Worx handles vast amounts of sensitive customer data such as personally identifiable information, government IDs, and tax and financial information. Leaking such information could irreparably hurt its clients, leading to expensive lawsuits.
SD Worx is hardly the only HR services company targeted by cybercriminals. In March 2021, PrismHR suffered a cyber attack that disrupted services throughout the United States.
Similarly, Kronos, a UKG company, suffered a confirmed ransomware attack in December 2021 on the Kronos Private Cloud (KPC), affecting UKG Workforce Central, UKG TeleStaff, and other services.
