unknown attacks SD Worx People Solutions SA

Incident Date:

April 10, 2023

World map



unknown attacks SD Worx People Solutions SA


SD Worx People Solutions SA




Antwerp, Belgium

, Belgium

First Reported

April 10, 2023

IT Systems Shutdown at Belgian-Based Company Following Security Breach

The Belgian-based company has notified customers that its UK and Ireland division had to close down its IT systems to contain the attack. It stated that it was not a ransomware attack, leaving open the possibility the breach came from a phishing incident: “We are further investigating this case and can confirm that this is not a ransomware attack. Also, at this time there is no evidence to assume that any data has been compromised. The reason why we have pre-emptively isolated our systems is to mitigate any further impact and adequately assess the threat.”

According to its website, SD Worx services 5.2 million employees for over 82,000 companies. Its customers in the UK include Asda, Marks & Spencer and WHSmith.

Immediate Response to Malicious Activities

On 10 April the company stated: “Our security team has discovered malicious activities in our hosted data centre last night. We have taken immediate action and have preventively isolated all systems and servers to mitigate any further impact. As a result, there is currently no access to our systems, which we deeply regret of course.”

Data Privacy Concerns

Because of the nature of the company’s work, concerns over the potential loss of data will centre on personal details such as addresses, bank accounts, birth dates, tax information, government ID numbers, addresses, full names and employee assessments.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.