SD Worx shuts down UK payroll, HR services after cyberattack

Belgian HR and payroll giant SD Worx has suffered a cyberattack causing them to shut down all IT systems for its UK and Ireland services.

SD Worx is a European HR and payroll management company based out of Belgium that services 5.2 million employees for over 82,000 companies, according to its website.

Today, SD Worx began notifying customers that its UK and Ireland division suffered a cyberattack leading them to shut down IT systems to contain the attack.

"Our security team has discovered malicious activities in our hosted data centre last night. We have taken immediate action and have preventively isolated all systems and servers to mitigate any further impact. As a result, there is currently no access to our systems, which we deeply regret of course," reads a security advisory to SD Worx UK and Ireland customers.

"SD Worx emphasises that it applies extremely stringent organisational and technical security measures to secure the privacy and data of its customers at all times. It goes without saying that we are handling this with the highest priority and that we are working very hard on a solution to give you access to our systems again. We will keep you informed about the further status."

While the login portals for other European countries are working correctly, the company's UK customer portal is not accessible.

While there is no further information as to what type of cyberattack the company suffered, a customer has told BleepingComputer that there is concern that sensitive data was stolen during the attack.

As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for its client's employees.

According to the company's general conditions agreement, this data may include tax information, government ID numbers, addresses, full names, birth dates, phone numbers, bank account numbers, employee evaluations, and more.

Other past attacks against payroll and HR management companies have led to lawsuits for inadequately protecting customers' data. 

In 2021, a cyberattack against PrismHR caused a massive customer outage. Later that year, a ransomware attack against Kronos led to the filing of a class action lawsuit against the company.

Update 4/10/23: SD Worx told BleepingComputer that they are still investigating the incident but have confirmed it was not a ransomware attack.

"We are further investigating this case and can confirm that this is not a ransomware attack. Also, at this time there is no evidence to assume that any data has been compromised.  The reason why we have pre-emptively isolated our systems is to mitigate any further impact and adequately assess the threat." - SD Worx.