Get excited, Tax Twitter, you’re about to get your moment in the sun. Granted it’s a moment of total panic, but still, a moment.
So, if you haven’t heard, CCH has been borked since yesterday. When we say borked, we don’t mean “some users are having access problems,” rather the entire thing has been nuked to hell. Like POOF.

It appears this was a prophylactic measure by Wolters Kluwer, though why they would feel compelled to take down the whole enchilada is speculation we’ll save for a minute.
Need CCH support? Yeah, good luck with that.
Late last night, Wolters Kluwer made a statement on Facebook that, as expected, was greeted with a cacophony of criticism and littered with angry emojis.
On May 6, 2019, Wolters Kluwer experienced network and service interruptions affecting certain Wolters Kluwer platforms and applications. Out of an abundance of caution, we proactively took offline a number of other applications as we continue to investigate any impact. This prevented us from having adequate time to provide you advance notice, and for that we sincerely apologize.
We are working diligently around the clock to restore service as soon as possible.
We apologize to our customers for the inconvenience and appreciate your patience. We will provide further updates as they become available.
Obviously we’re not going to be able to get someone from CCH on the phone to ask what’s up, so as is tradition around here, we will instead fuel the rumor mill and speculate wildly as to what could be so bad CCH had to go bye-bye to hide from it.
Let’s start in /r/sysadmin. The popular theory is obviously some type of breach (“hackers” for you olds) or virus. Friendly reminder, people on Reddit are often full of shit so take this with a giant grain of salt.
I have a buddy who works there who said the Canada Office shutdown due to a potential virus outbreak, the other locations shut down as a precautionary.
EDIT: I learned that it may have made it out to some of the other locations before they got most end users to shutdown their systems. I saw another comment here saying they thought it was Megacortex, which would likely mean someone with Domain Admin rights had their credentials ripped off/stolen. I expect the next few days to be quite interesting, as this is no small company.
Someone who probably should have kept his mouth shut and stopped powerleveling on Reddit chimed in in a now-deleted post confirming the cooties in the system.
Sounds similar to what my wife said (she’s an employee). She they found the malware/ransonware in several locations across their network including the New York, New Jersey, Canada and Minnesota office. I know they use Dell for a lot of the cloud based systems.
Here’s another powerleveling blabbermouth who must have rethought doxing himself in the middle of a security breach as he later deleted his comments:
I’m a system engineer with WK. The issue is quite large and is not just affecting CCH Axcess, but rather all customer facing products across the health, Tax & Accounting, Governance, Risk & Compliance, and Legal & Regulatory. My office was not affected directly but was told to turn off our backup software and turn off all domain controllers effectively ending our work day.
He went on to “confirm” the attack is of the MegaCortex ransomware variety, which everyone has been assuming anyway. Again, this is all rumor so no one knows at this point, nor should one expect Wolters Kluwer to come out and say they were hit by ransomware while the attack is still in progress. If, of course, that’s what’s happening.
It seems a lot of people are twiddling their precious little thumbs waiting for CCH to come back.
We’ll update when we know more, and in the meantime … I dunno, not really much that can be done.
The post What In the Hell Is Happening to CCH? appeared first on Going Concern.