Cybercrime , Fraud Management & Cybercrime , Ransomware

IRS Gives Hacked Accounting Software Customers a Reprieve

7-Day Extension Offered to Users of Wolters Kluwer CCH Software After Attack
IRS Gives Hacked Accounting Software Customers a Reprieve

Good news for customers of accounting software vendor Wolters Kluwer: The U.S. Internal Revenue Service has given you a 7-day extension to submit several different types of filings that are coming due.

See Also: Value Drivers for an ASM Program

Bad news: The extension was granted because the accounting software giant was hacked on May 6, resulting in the vendor's cloud-based CCH bookkeeping and accounting software going offline. As a result, CCH users couldn't handle required tasks on behalf of their customers, including submitting electronic tax filings to the IRS (see: Malware Knocks Out Accounting Software Giant Wolters Kluwer).

"The IRS has approved extensions for tax return types 990, 1120 and 1065 filings that were impacted by the May 6 service interruption of Wolters Kluwer CCH software," the software vendor says in a Monday security update, noting that it alerted all customers to the extension on Friday.

"We reiterate that as of today we have not seen any evidence that customer data or systems were compromised or that there was a breach of confidentiality of customer data."
—Wolters Kluwer

"Impacted filers now have until May 22, 2019, a 7-day extension, to file," it says. "As long as the filing is done on or before the extension date, it will not be considered late by the IRS and, consequently all related penalties and interest will be waived."

Based in the Netherlands, Wolters Kluwer is a $4.8 billion global information services company that develops the CCH suite of tax and accounting software, which is available in both on-premises and software-as-a-service form. The company's 2018 annual report states: "Our customers include 90 percent of U.S. academic medical centers, 93 percent of Fortune 500 companies, 100 percent of the top U.S. accounting firms and 90 percent of the world's top banks."

Cloud-based CCH accounting and tax software from Wolters Kluwer

Wolters Kluwer said Monday that it was still working to fully restore all systems for customers, seven days after being hit by malware. The company has yet to comment on the type of malware - or potentially ransomware - that infected its systems.

"We continue to work around the clock to restore remaining services and we are actively communicating with our customers to update them on the latest status and to provide guidance and support," it says.

As a result of the outage, customers have been left unable to do their job or access their clients and customers' data.

Wolters Kluwer is still recovering. "We can now confirm that over the past few days we have restored service to the vast majority of our customer applications and platforms," the company said in its Monday security update. "Our processes and protocols provide a high degree of confidence in the security of our applications and platforms before they are brought back online. We reiterate that as of today we have not seen any evidence that customer data or systems were compromised or that there was a breach of confidentiality of customer data."

That's good news for CCH users as well as their customers.

File Under: Third-Party Risk

Indeed, one of the principal worries over a hack attack against an online software provider is that it might be a stepping stone to directly targeting not just users, but their customers.

"If I were targeting a tax software provider, my primary target would be the e-filing system. This is the interface with the IRS," one CCH-using accountant, who asked not to be named, tells Information Security Media Group. "This is apparently a huge target for hackers because they can e-file fake returns for real taxpayers with bogus numbers to generate refunds" (see: Russian Charged in $1.5 Million Cyber Tax Fraud Scheme).

Another big concern is that attackers might use the software provider's systems against customers, for example, to serve malware. In other words, the vendor's servers could become a malware launch pad able to reach into global banks, accountancies and big businesses' financial departments.

In 2016, for example, attackers hacked into an accounting software provider in Ukraine, then used its software update server to distribute NotPetya crypto-locking malware, which quickly infected numerous organizations inside and outside the country.

NotPetya resulted in massive losses for some firms, including up to $300 million for both Danish shipping company A.P. Møller - Maersk as well as Fedex's TNT Express division. Another NotPetya victims, U.K.-based Reckitt Benckiser, which makes household and pharmaceutical goods, took a $129 million hit.

About the Author

Mathew J. Schwartz

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.