Legal and accountancy publishing and software provider Wolters Kluwer is facing a social media backlash over its perceived failure to communicate with customers after suffering a malware incident that has seen it take its platform offline.
Platforms and applications became unavailable on Monday 6 May, with Wolters Kluwer initially saying it was experiencing network and service interruptions. On 7 May, the Netherlands-headquartered publisher issued a statement saying: “Out of an abundance of caution, we proactively took offline a number of other applications as we continue to investigate any impact.”
Users, who at that stage were unaware of the malware, became progressively more furious on Twitter, with Diana Shaw Knight at accounting firm CPA Group commenting: “How about an update? I have clients screaming. I need my data. I trusted you and you FAILED. Communication that means something rather than a Monday morning surprise would be quite nice.”
A second update from Wolters Kluwer on 7 May said: “Since yesterday, May 6, we are experiencing network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of an abundance of caution, we proactively took offline a number of other applications and we immediately began our investigation and remediation efforts.
“The secure use of our products and services is our top priority. We have been able to restore the network and services for a number – but not all – of our systems. We are still investigating the root cause of the interruptions, with assistance from third-party consultants.
“At this time, there is not indication that our customers’ data has been compromised. It is part of our ongoing and thorough investigation.”
Rob Pasquesi, a former Grant Thornton audit senior manager and founder of Pasquesi Partners said: “Can you please send an email or let us know when the software and what products will be live?”
Craig Venokur, a certified public accountant out of New York said: “So why don’t you just say you were hacked…your customer service is horrible. You don’t send email or anything to let anyone know what the hell is going on. We spend thousands of dollars on your service and now you’re costing all of us thousands of dollars.”
He adds: “I have a 5/7 deadline – today – and can’t access a document, where I need information from prior year. Wolters Kluwer, you are going to be responsible for any penalties and interest.”
A further update from Wolters Kluwer on 7 May said: “We can confirm we have discovered the installation of malware.” It added: “By taking a broader range of platforms and applications offline, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution.
“We regret any inconvenience and that we were unable to share more information initially. We have seen no evidence that customer data was taken or that there was a breach of confidentiality of that data. Also, there is no reason to believe that our customers have been infected through our platforms and applications. Our investigation is ongoing. We want to apologise for any inconvenience this may have caused.”
While users inevitably expressed concern over the details of the breach many have notably vented over the lack of communication with Ed Cheeseman, COO of Hutchinson and Bloodgood, commenting: “So, two days down and we still don’t have access to our apps. You do not have evidence that client data was taken, but is that due to lack of monitoring software or is there robust monitoring that shows that no data was ex-filtrated? Why is your client communication so poor?”
Wolters Kluwer has acknowledged its limited communication and in a media statement said:
“On Monday, May 6, we started seeing technical anomalies in a number of our platforms and applications. We immediately started investigating and discovered the installation of malware. As a precaution, in parallel, we decided to take a broader range of platforms and applications offline. With this action, we aimed to quickly limit the impact this malware could have had, giving us the opportunity to investigate the issue with assistance from third-party forensics consultants and work on a solution. Unfortunately, this impacted our communication channels and limited our ability to share updates.
“On May 7, we were able to restore service to a number of applications and platforms.
“We regret any inconvenience and that we were unable to share more information initially, as our focus was on investigation and restoring services as quickly as possible for our customers.”
However social media users have questioned whether Wolters Kluwer could have used Twitter to communicate more regularly with its customers which, as Lex.blog’s Kevin O’Keefe points out: “Seems imperative in a crisis like this to inform/build trust.”
For customers in North America there is a temporary number to call as Wolters Kluwer brings its support centers back online. That number is 800-930-1753.
According to US LawSites reporter Bob Ambrogi, Wolters Kluwer has communicated with its legal customers to say the research platform Cheetah will be back online on 9 May at 10am EDT. Certain features such as Smart Charts, Tax Reporters Plus Suite and some news content will not be immediately available.