Belgian human resources and payroll giant SD Worx suffered a cyberattack that forced it to shut down all IT systems in its departments in the UK and Ireland.
SD Worx is a Belgium-based European human resources and payroll management company that serves 5.2 million employees for more than 82,000 companies, according to his website.
Today SD Worx began notifying customers that its UK and Ireland division had suffered a cyberattack, leading them to shut down IT systems to contain the attack.
“Our security team discovered malicious activity in our hosted data center last night. We took immediate action and preemptively isolated all systems and servers to mitigate any further impact. Therefore, there is currently no no access to our systems, which we of course deeply regret,” reads a security notice to SD Worx UK and Ireland customers.
“SD Worx emphasizes that it applies extremely strict organizational and technical security measures to protect the privacy and data of its customers at all times. It goes without saying that we treat this with the highest priority and are working very hard on a solution to give you access to our systems again. We will keep you informed of the rest.”
While the login portals for other European countries are working fine, the company’s UK customer portal is not accessible.
Although there is no further information on the type of cyberattack suffered by the company, one customer told BleepingComputer that he fears sensitive data was stolen in the attack.
As a full-service human resources and payroll company, SD Worx manages a large amount of sensitive data for its customers’ employees.
According to the company terms and conditions contractthis data may include tax information, government identification numbers, addresses, full names, dates of birth, phone numbers, bank account numbers, employee ratings, and more.
Other past attacks on payroll and HR companies have led to lawsuits for inadequate protection of customer data.
BleepingComputer contacted SD Worx with questions regarding the cyberattack but did not receive a response.