Umbrella firm Parasol confirms ‘malicious activity’ as root cause of ongoing systems outage

The root cause of the ongoing systems outage that is blighting thousands of contractors working for umbrella company Parasol is linked to “malicious activity” on its network, the company has confirmed.

The outage is now entering its second week, with the company confirming in a statement on its website that its systems continue to experience “significant issues”, which, in turn, are delaying its ability to pay its contractors.

The incident is also known to have affected two other firms, SJD Accountancy and Nixon Williams, which are part of the same group as Parasol and specialise in the provision of accountancy and tax advisory services to limited company contractors.

“Parasol is experiencing significant systems issues following malicious activity on our networks,” said the company in a statement dated Sunday 16 January.

“From the ongoing forensic exercise and investigations, there is no indication of extraction of your personal information. However, to ensure the safety and integrity of your data, we have suspended our systems.”

The company is yet to confirm when the malicious activity occurred, although several Parasol contractors told Computer Weekly that the technical difficulties appeared to have started on Monday 10 January.

As previously reported by Computer Weekly, it took the company until Wednesday 12 January to go public with the news that it was suffering a systems outage that it was trying to resolve.

The company is known to have at least 7,500 contractors on its books, who rely on the firm to pay them for the work they do on behalf of end-clients in the private and public sectors.

As a result of the incident, salary payments to Parasol contractors are known to have been delayed, although the company has confirmed that its payroll runs have resumed in some capacity, and payments are now being made.

These payments are larger than expected because no deductions for income tax or national insurance contributions have been made in some instances, whereas Computer Weekly understands other contractors have received payments that are much smaller than expected.

“Payments have already been paid to many employees and we are continuing to process advance payments for many more employees,” the Parasol statement continued.

“For many, we expect this advance payment will be broadly in line with your normal pay after deductions. We do fully appreciate this won’t be the position in all cases.”

News of the Parasol outage broke on the same day that Brookson Group, which consists of companies that provide accountancy, compliance and payroll processing services to contractors, confirmed that its networks had been hit by a cyber attack.

In its most recent update on the incident, published on 14 January, Brookson said it was in “receipt of remedial measures” and had a “clear plan of action” that would allow normal service to resume in due course.

“Due to the complexity of this activity, it will likely take most of the weekend and may spill into early next week before we have full connectivity for all externally facing systems,” it said.

As reported by Computer Weekly on Friday 14 January, the company said it had self-referred itself to the National Cyber Security Centre after becoming aware of the issue the previous evening.

News of cyber security issues blighting Parasol and Brookson Group come several months after a similar assault on fellow umbrella company Giant Group.

All three companies hold compliance accreditations with umbrella company membership body the Freelancer and Contractor Services Association (FCSA), and the organisation’s newly appointed CEO, Chris Bryce, said it was encouraging all its members to take protective steps following the attacks.

“Although the FCSA’s expertise is in compliance with employment and tax regulations, as opposed to cyber security, we urge all our members, and the wider supply chain, to bolster their digital defences,” said Bryce.

“To mitigate risk, they should undertake comprehensive and regular reviews of their system security and safeguarding of personal data. We suggest at the very least that they enact measures recommended by the National Cyber Security Centre.

“We are liaising with stakeholders and our members to ensure the industry can best protect themselves from future attacks. We also support members and refer them to third-party expert advice whenever attacks happen.”