We have implemented our business continuity plans and have recovered our regular client-facing operations.
The majority of our systems have been up and running for some days now and our offices have largely returned to business as usual.
We would like to thank our clients and our staff for their support as we enter the final phase of our recovery this week.
Contacting TMF Group Employees
Your usual contacts can be reached at their TMF Group email address, on their office phone or mobile phone numbers. Each TMF Group office lists their reception phone numbers via the 'country page' section on this website, just click the 'our locations' drop down and make a selection.
Whilst we continue to restore our IT systems, we politely ask clients to resend any emails they may have sent between Tuesday 27 June and Thursday 29 June. As our email servers come back online we will have a significant backlog of emails waiting and we want to be sure we can prioritise our responses. Thank you for your co-operation.
TMF Group Statement (Updated: 07 July 15:00 BST)
Since the time of the incident, our teams have worked very hard to continue to operate the business, serve our clients and progress recovery activities. A critical majority of the affected systems are up and running again with many countries expecting to return to business as usual from Monday. We have seen no re-infection.
We will continue to share updates as we have them, and would like to thank our clients for their understanding and patience.
TMF Group Statement (Updated: ?06 July 10:00 BST?)
We are pleased to confirm that data and file exchange capability with our clients has resumed and we continue to focus on our obligations to our clients and address any backlogs.
All TMF Group applications have been through an extensive hygiene process prior to restoration to ensure integrity and availability. We are dedicated to resuming business as usual as soon as possible and doing so in a way that continues to safeguard data.
We understand many of our clients would like more technical detail. We wholeheartedly thank our clients for their ongoing support and will engage as soon as our teams have finished their recovery work.
We will continue to share updates as we have them, and would like to thank our clients for their understanding and patience.
TMF Group Statement (Updated: ?03 July 15:00 BST?)
Our 450+ global IT experts continue to work with industry leading agencies and cyber-security experts to resolve the IT issues facing many global businesses since the events of last Tuesday.
We can confirm that no client data has been compromised. The team has removed the software we believe the virus originated from and is treating certain jurisdictions in isolation.
They have made impressive progress across over 120 offices in more than 80 countries in restoring the network, connectivity, file servers and the rebuild of desktops and laptops for 7000+ employees. We have engaged additional engineers to reinforce our global efforts and are pleased to say all staff are now back on email.
Our priority is to continue the restoration process in a safe and controlled way to ensure we do not jeopardise the progress we continue to make. The safeguarding of our clients' data and our obligations to them remains our upmost concern.
We will continue to share updates as we have them, and would like to thank our clients and staff who continue to work with us to resolve the situation.
TMF Group Statement (Updated 02 July 2017, 21:00 BST)
Our 450+ global IT experts continue to work with industry leading agencies and cyber-security experts to resolve the IT issues facing many global businesses since the events of last Tuesday.
They have made impressive progress across over 120 offices in more than 80 countries. Our priority is to continue the restoration process in a safe and controlled way to ensure we do not jeopardise the progress we continue to make. The safeguarding of our clients' data and our obligations to them remain our utmost concern.
To date, our IT team has made very significant progress in restoring the network, connectivity, end-points, file servers, email and the rebuild of desktops and laptops for 7000+ employees. The team has further removed the software we believe the virus originated from and is treating certain jurisdictions in isolation. We will continue to share updates as we have them and thank you for your understanding.
TMF Group Statement (Updated 30 June 2017, 13:00 BST)
We continue to prioritise resolving the IT issues some of our TMF Group offices have experienced as a result of the virus currently affecting many businesses around the world. We believe the virus started within the tax filing system MEDoc which we use in the Ukraine.
The ransomware virus was first detected at 11:03 BST on Tuesday 27 June. As previously communicated, our Business Continuity Plans were activated immediately and we suspended our systems as a precaution. Since 12:30 BST on the same day, we have been working on restoring services and eradicating the virus from the network. There is a Digital Forensics Investigation and a technical Root Cause Analysis also in progress.
We can confirm the integrity of our data was not affected in this incident due to the prompt action taken, however, the underlying operating system and Master Boot Files were encrypted thus preventing access to the system and data across many systems. This has had a global impact and all servers and systems are being rebuilt to fully eradicate the risk of future outbreaks. Critical systems are being restored as a priority in addition to going through hygiene processes to ensure the integrity and availability of systems. There has been no re-infection and we are working around the clock to have all offices online as soon as possible.
We have robust processes in place and we continue to work with external agencies and cyber-security experts, and expect to start to return to normal operations from Monday 3 July. We have implemented an interim email service for all TMF Group employees, and we continue to restore services in a safe and controlled manner.
We would like to express our gratitude for the understanding shown by our clients and we will continue to issue updates on a regular basis.
TMF Group Statement (Updated 29 June 2017, 15:00 BST)
We continue to prioritise resolving the IT issues some of our TMF Group offices have experienced as a result of the virus currently affecting many businesses around the world. We believe the virus started within the tax filing system MEDoc which we use in the Ukraine.
As previously communicated, we suspended our systems as a precaution and our reviews show no evidence of data being compromised. We have robust processes in place and we continue to work with external agencies and cyber-security experts to return to normal operations. We have implemented an interim email service for all TMF Group employees, and we continue to restore services in a safe and controlled manner.
We will continue to issue updates on a regular basis and apologise for any inconvenience caused.
TMF Group Statement (Updated 28 June 2017, 12:00 BST)
We confirm that a number of TMF Group offices are experiencing IT issues related to the virus currently affecting many businesses around the world. We have suspended our systems as a precaution and at this stage have no evidence to suggest our client data has been compromised.
We have robust processes in place and are working to restore our services in a safe and controlled manner.
We will continue to issue updates on a regular basis and apologise for any inconvenience caused.