On May 6, 2019, a user noticed that the directories where updates to the company’s tax software were hosted were fully accessible (write and modify) by users. Suspicious files were present in the directory, suggesting users had gained inappropriate access to the company’s file repository. This called into question the security of the platform and left users unsure of the extent of the breach, which potentially affected its customers’ sensitive client data.
Wolters Kluwer offers a wide array of financial and compliance software tools, including OneSumX, which provides mortgage lending, administration, and compliance software. In response to the breach, the company took many of its applications offline while it investigated the extent of the breach.
On May 13, the company issued a press release noting that the majority of the offline services had been restored. However, the company noted that select applications were still unavailable. Many customers were left confused and disappointed with the company’s poor communication throughout the outage and concerned about the future security of the company’s services.
In response to the breach, the Internal Revenue Service provided a seven-day extension to customers of the company for tax return types 990, 1120, and 1065.
Source: SoftwareReviews, Accessed July 4, 2019
The breach at Wolters Kluwer highlights the critical importance of rigorous IT best practices. It underscores the need for security audits and procedures, data governance, and information security.
The breach has frustrated users, potentially causing them to reevaluate their product choice as well as their vendor relationship due to the company’s poor communications with customers throughout the service outage.