SD Worx forced to pause operations following cyberattack

"Our security team discovered malicious activities in our hosted data center last night,” the notification reads. “We have taken immediate action and have preventively isolated all systems and servers to mitigate any further impact. As a result, there is currently no access to our systems, which we deeply regret of course.”

Not a ransomware attack

As of today, the login portal for UK and Ireland customers is still offline, but other portals are working. 

"SD Worx emphasizes that it applies extremely stringent organizational and technical security measures to secure the privacy and data of its customers at all times. It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status,” the notification concluded."

When a company shuts down its IT systems after a cyberattack, it usually means it fell victim to a ransomware attack and lost sensitive files. However, SD Worx confirmed to BleepingComputer that this wasn’t a ransomware attack and that so far, there’s no evidence of any data being taken.

"We are further investigating this case and can confirm that this is not a ransomware attack. Also, at this time there is no evidence to assume that any data has been compromised.  The reason why we have pre-emptively isolated our systems is to mitigate any further impact and adequately assess the threat."

SD Works has more than 80,000 clients, its website claims, servicing more than five million employees. Being an HR and payroll management firm, it handles plenty of sensitive information such as tax data, ID numbers, bank account numbers, phone numbers, and more. If this indeed turns out to be grand theft data, hackers could get their hands on some important information.

• These are the best firewalls right now

Via: BleepingComputer