SD Worx has begun providing gradual access to systems for the vast majority of HR and payroll professionals following last week’s cyberattack, Reward Strategy has learned.
"The company started the process yesterday afternoon and will further continue," a spokesperson confirmed.
"In a next phase, currently planned for later this week, we will gradually release system access to all UK&I customers’ employees as well."
Last Monday, the HR and payroll software company suffered a cyberattack forcing it to shut down all of its IT systems.
A notification was issued to customers who were potentially affected.
SDWorx activated its business recovery plans to ensure customers’ employees were paid through alternative channels until systems were fully back up and running.
The Belgian payroll giant, which has more than 80,000 clients, said in a statement: "There was a hacking attempt by a malicious attacker group.
Read more: Workers ’borrowing money’ to cover expenses
"We activated our business recovery plans and launched a forensic investigation by dedicated forensic experts. Based on the results of this investigation, there is no detection of any confirmed impact on confidentiality or integrity of customer data.
"There are no indications that customer data has been extracted: the forensic experts did not find any traces of data exfiltration tools or exports that took place nor has SD Worx been contacted by the threat actor group, who could be identified, that they have obtained data."
Systems outside of the UK and Ireland were unaffected by the attack.
Read more: Aldi rolls out allyship training to managers
The company apologised in a statement last week, emphasising that it applies "extremely stringent organisational and technical security measures to secure the privacy and data" of its customers.
"The SD Worx security team detected unauthorised activities in its hosted UKI data centre on Monday 10 April, affecting SD Worx customers in the UK and Ireland.
"SD Worx took immediate action, activated its security incident response and crisis management plans. It preventively isolated all systems and servers to mitigate any further impact for its customers in the UK and Ireland and to adequately assess the situation. As a result, there is temporarily no access to the systems for them.
Read more: Half of bosses see increase in mental health issues
"We can confirm we have identified a malicious attacker group as the source threat actor. Multiple methods were used by the threat actor group to get access into the environment. We know their mode of operations and will actively keep on monitoring the environment. We are taking the necessary remediation actions."