SD Worx

SD Worx is a major European provider of human resources and payroll services, headquartered in Belgium. The company delivers core solutions encompassing payroll processing, HR administration, and related workforce management functions to a broad client base across the continent. Its operational footprint is explicitly noted to include a significant division serving the United Kingdom and Ireland, indicating a targeted market presence within key European economies. The organisation manages a vast quantity of sensitive employee information on behalf of its clients, a fundamental aspect of its service model that involves handling personal and financial data. This data stewardship role places SD Worx within a critical segment of the business services sector, where reliability and security are paramount to client operations. The scale of its operations is characterised by its positioning as a major player, though specific quantitative metrics such as exact client numbers or annual revenue are not provided in the available information. Its service disruption following a cyber incident underscores its integral role in the payroll ecosystems of its customers, where downtime directly impacts client businesses and their employees.

A defining event for the organisation occurred on April 9, 2023, when its UK and Ireland division suffered a confirmed cyberattack. In response, SD Worx executed a preemptive and complete isolation and shutdown of all related IT systems to contain the incident, which resulted in a total service outage for those markets. The company publicly stated the attack was not ransomware, though the precise nature of the threat was not detailed. Crucially, initial forensic assessments found no evidence of data compromise, a significant outcome given the highly sensitive nature of the payroll and HR data under its management. This incident highlights the persistent targeting of the HR and payroll sector by cybercriminals seeking valuable personal data. The organisation's immediate action to shut down systems demonstrates a containment-focused incident response protocol, prioritising threat eradication over service continuity during the acute phase. The event serves as a notable case study in the operational and reputational risks faced by firms that aggregate and process large volumes of sensitive employee information for a wide client portfolio.