Parasol and Brookson have been hacked simultaneously, in a concerted cyberattack on umbrella companies potentially because they are perceived to have grown ‘fat’ from IR35 reform, ContractorUK reports.
Giant fell victim to a hack in late September 2021 in a suspected case of ransomware, and on January 14, Brookson Group said it was “last night” the victim of “the same aggressive attack.”
Brookson’s Rob Arnold did not cite ransomware as the type of attack but said “no data was removed” from the firm’s network, which it had “disabled” as a ‘preventive measure.’
Parasol echoed these comments in a similar email on Friday (also sent to affected parties), saying it had “suspended our systems” following “malicious activity on our network.”
An agency director who received the email - from Parasol’s CSO Greet Brosens - said the wording points towards the attack being malicious, rather than financially motivated.
Speaking on condition of anonymity, the director told ContractorUK, “Of Brookson and Parasol, the biggest impact on contractors will be Parasol, because it’s the larger umbrella.
“Indeed, Parasol has already had to pay people late and manually. But there’s been no ransom issued. So it sounds purely malicious.”
In her email, Ms Brosens said Parasol is paying staff an advance (though lower than usual) payment, based on submitted timesheets and remittances received from agencies.
Ms Brosens said Parasol will ensure reimbursements for any losses contractors incur and, in a welcome gesture, the company is “waiving our margin” during the cyber-attack period.
In his email, Brookson’s head of sales Mr Arnold said the “objective” was to ensure that all customers who would ordinarily expect payment on Friday would still “receive them” by Friday.
He also said that the cyber “incident” on the Brookson Group network had been reported to the UK National Cyber Security Centre.
Data lawyer Charlotte Gerrish told ContractorUK it may not be the only authority that Brookson - and potentially Parasol - needs to notify.
“Contractors should note that the UK GDPR imposes obligations on payroll companies to report certain personal data breaches to the Information Commissioner’s Office within 72 hours of becoming aware of it.”
The founder of Gerrish Legal said, “If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, then affected payroll companies must also inform those individuals without undue delay.”
However, Ms Gerrish added that perhaps the bigger takeaway for contractors is that such criminal attacks on the contractor sector begin to point to a motive.
“Given the increased number of cyberattacks against umbrella companies in recent months, it is clear that cybercriminals are taking advantage of the fact so many contractors now need to work on a payroll basis following implementation of IR35 reform, which has resulted in umbrella companies having increasing volumes of personal data,” Ms Gerrish told ContractorUK.
In contrast to umbrellas looking ‘fat’ with much newly acquired data, PSCs tend to primarily house the personal data of their director-shareholder, and as owners, these individuals can exert “far more control over personal information and other sensitive financial information,” she said.
Parasol, Brookson and Giant are the three umbrella companies that founded the Freelancer & Contractor Services Association.
The FCSA has now responded to its three founder-member companies all being hacked.
“FCSA is not a regulator, and its expertise is in compliance with employment and tax regulations for the sector,” the association said in a statement.
“Nevertheless, we urge all our members, and all organisations in the supply chain, to prioritise their response to this risk by undertaking comprehensive and regular reviews of their system security and safeguarding of personal data and, at the very least, putting in place the appropriate measures recommended by the National Cyber Security Centre.”
Though neither Brookson nor Parasol mentioned ransomware in their emails (and Giant has repeatedly declined to confirm ransomware), the FCSA identified it specifically.
“FCSA recognises that, particularly in the case of ransomware attacks, the time from attack to resolution is affected by multiple factors and difficulties.
“It is rarely a simple case of ‘restore from backup,’” it said. “However, we expect FCSA members to make every effort to ensure that employees are paid outstanding amounts as quickly as possible and that they are as open and honest with their employees as they can be.”
Guidance for contractors on getting paid as an umbrella contractor was issued by Safe Collections exclusively to ContractorUK, following Giant’s September hack.
In an update to the story, on January 16 a spokesperson for Parasol said, “After identifying an issue affecting our IT network, we proactively took the decision to suspend our systems to ensure the safety and integrity of our data.
“We have identified the root cause of this issue as malicious activity on our network and we are conducting a detailed investigation into this incident, which will conclude as soon as possible. From the ongoing forensic exercise and investigations, there is no indication of extraction of employees’ personal information.
“In order to minimise disruption for Parasol employees, we have taken a number of steps to ensure our core services can continue to operate whilst this investigation is ongoing. A key part of this is a solution to make sure we can pay our umbrella employees, with many thousand payments having been made in the last couple of days alone.
“We are also offering full support via our LiveChat function; our support teams are taking phone calls, and we are providing updates to our employees and partners as we seek to resolve this issue.
“We apologise for any inconvenience this may be causing. We are working around the clock to ensure normal service is resumed and will provide more information as soon as possible.”
Source: ContractorUK
(Links and quotes via original reporting)