Wolters Kluwer allegedly hit by data breach, threatening Fortune 500 firms

Hackers are claiming they’ve cracked open the vault of Wolters Kluwer, the $7 billion financial software titan serving Fortune 500 companies.

A threat actor has popped up on a popular cybercrime forum, offering what they claim is a fresh dataset ripped from Dutch financial software heavyweight Wolters Kluwer.

The company pulls in nearly $7 billion annually and serves a significant chunk of US accounting firms, banks, and Fortune 500 companies.

Its reach spans just about every high-stakes industry. Some of the company’s clients include British Airways, Emirates, American Airline, Boeing, Rolls Royce, and BP.

If the claims are legit, this breach could touch a lot of sensitive corners. A sample of the alleged leak shows full names, emails, phone numbers, home addresses, job and university info, and even social media accounts and tokens.

The dataset ranges between 3GB and 6GB in size. While the dump does not contain passwords, security researchers at Cybernews say the leak is far from harmless.

Don’t miss our latest stories on Google News

Follow us

“This kind of data can fuel highly personalized phishing campaigns and impersonation attempts,” they warned.

“To some extent, threat actors could use data for identity impersonation and try to hijack victims’ accounts.”

In other words, you don’t need a password if you can talk your way into an account. Armed with enough real-sounding details, hackers can impersonate executives, fake customer service emails, or even slide into your DMs with just enough accuracy to make you click.

The starting bid for the data is $15,000, and the threat actor claims that the stolen data will be sold only once.

Wolters Kluwer sent us the following statement.

“We are aware of this matter and investigating any potential data impact. Our investigation is ongoing; based on our preliminary review to date, it appears the data is limited to business contact information in our health journals business. At this time, there is no evidence that any financial or tax data has been impacted, nor evidence of data impact associated with products outside of the health journals business.”

This wouldn’t be the first time Wolters Kluwer has been targeted. In 2019, the financial giant caused panic among clients when its network was attacked.

Malware began shutting down access to vast databases of tax return information, sparking concerns about the security of the tax returns and financial information stored on the company’s cloud servers.