Most of Wolters Kluwer Legal and Regulatory products including the  Cheetah platform  and RBSource  have been offline for more than twenty four hours. To make matters worse – customer can’t reach them.  All of their phone and communication systems have been offline.  Their customer service number rings and rings —no answer – there have been no legal  news updates on their website since May 3rd. On Tuesday I posted a message which Wolters Kluwer wanted to reach their customers.

A prominent cyber-security blog Krebs on Security   has posted a disturbing report that Wolters Kluwer was aware of a security problem last Friday. It indicates that the problem may have originated in a  tax software product from the Tax & Accounting division. According to the blog post  “file directories containing new versions of CCH’s software were open and writable by any anonymous user, and that there were suspicious files in those directories indicating some user(s) abused that access.”  Krebs reported seeing “a few odd PHP and text files in the CCH Directories , including one that seemed to be promoting two different and unrelated Russian language discussion forums.” Shortly after Krebs reported the problem to Wolters Kluwer, the CCH file directory for tax software downloads was taken offline.

If there is any good news in this for law firms – they generally do not subscribe to the kind of accounting software implicated in the report above. It is accounting firms that are at the greatest risk.

Krebs also links to a Reddit thread which is full of theories about the cyber problems. One post suggests that this may be linked to a recent surge in MegaCortex ransomeware attacks.

Law firms are prime targets for hackers – they are rich in secrets: private equity and M&A deal data, intellectual property and trade secrets, financial and litigation risks involving clients. Given that reality,  it is a terrifying prospect that a research vendor could unwittingly provide a back door to a law firm network. Let us hope that the Wolters Kluwer suite of legal research products are not impacted by the malware attack at Wolters Kluwer. Let’s hope that it is true – that they have been taken offline out of an abundance of caution and access will soon be restored to subscribers. However – I remain puzzled that Wolters Kluwer did not warn all of their customers about the potential risks as soon as they became aware of the breach last Friday.

I reached out to representatives from Wolters Kluwer tonight asking for a comment of the Krebs report. I have not yet gotten a response.