SD Worx shuts down UK and Irish services amid cyberattack

11 Apr 2023

Image: © Kannapat/

SD Worx said there is currently no evidence to suggest any data was compromised and that its systems were isolated as a preventative measure.

Global HR and payroll service provider SD Worx has been forced to shut down its IT systems for the UK and Ireland following a cyberattack.

The company detected “unauthorised activities” in its hosted UK and Ireland data centre on 10 April, according to a company spokesperson speaking to

SD Worx said it took “immediate action” and isolated its servers and systems to mitigate any “further impact” to its customers in the UK and Ireland.

As a result of the preventative measure taken, there is currently no access to SD Worx’s systems for these customers. The company provides HR and payroll services for its clients.

The customer portal for the UK and Ireland is currently inaccessible, while portals for other European countries are working normally.

A company spokesperson said its systems were “pre-emptively isolated” to mitigate further impact and “adequately assess the situation”. It is unclear what damage the cyberattack caused, but SD Worx’s initial investigation has revealed that it “is not a ransomware event”.

“SD Worx emphasises that it applies extremely stringent organisational and technical security measures to secure the privacy and data of its customers at all times,” the spokesperson said. “At this time there is no evidence to suggest that any data were compromised or lost.

“It goes without saying that SD Worx is handling this with the highest priority to re-establish access to the systems and to have the infrastructure back up and running as soon as possible.”

The spokesperson also said the company’s Intelligo customers in Ireland are not impacted, as these systems are independent of SD Worx systems.

The company sent out a security advisory to its UK and Irish customers informing them of the situation. SD Worx’s spokesperson said customers will also be informed about any further updates.

Trevor Dearing, director of critical infrastructure solutions at cybersecurity company Illumio, said this attack is another example of “why breach containment is now paramount”.

“It’s good that SD Worx has acted fast and taken proactive steps to contain the attack, however, we need to get to a scenario where we can contain attacks quicker, and in a smaller area without taking systems offline,” Dearing said.

“It’s also a reminder to all companies that not all attacks are ransomware. Attackers still have a vested interest in stealing sensitive data which is a commodity on dark web markets and can be used to fuel more targeted attacks, blackmail and fraud.”

Last week, Uber suffered its third data breach in six months as a result of private driver data being stolen from a third-party law firm.

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Leigh Mc Gowran is a journalist with Silicon Republic