back to article Multi-day IT systems outage whacks umbrella biz Parasol Group amid fears of a cyber attack

Contractors employed via umbrella company Parasol Group are increasingly nervous about a multi-day outage of some IT systems used to process payroll, with several suspecting a security attack as the root cause. Greet Borsens, the chief sales officer at Parasol Group, itself part of Optionis Group, wrote to its contractor …

  1. Steve K Silver badge

    SJD Accountancy too

    SJD Accountancy too - I think they are part of the Optionis group so that would explain it.

    The email I got sounded like a security/ransomware attack....

  2. Mike 137 Silver badge

    "just wondering if this is another cyberattack"

    Given the rise in prominence of 'umbrella' services courtesy of HMRC, they could well become a prime target, not least for ramsomware because of the scale of disruption caused to the wider business community when they go down. Much more effective than attacking a single enterprise.

    The same problem could face the 'data intermediaries' advocated by the UK govt.

  3. Anonymous Coward
    Anonymous Coward

    Is Brookson Umbrella part of this shower?

    I just received email to say Brookson site is down due to Activity.

    I warned them the site could be compromised earlier last year, sent IT an email with a report. On Http and not Https and shite SSL / TLS supporting out of date protocols and keys.

    So can I claim for all the effort, time and stress I have to go through to change all my passwords. In addition, monitor my Bank and any personal info that was added to their site, like proof of identity (passport info). Other company references, my status of security clearance, just to name a few.

    You could not make this up.

    Why should I care, I paid their apprentice levy and Employer NI. I hope they have personal liability insurance and money to pay ICO fine.

  4. R0ck3t
    Devil

    I am on my second brolly company in as many months, and while I feel for my fellow contractors I am not surprised.

    If the back end is anything like the front this shit show will not be back online soon. Wonder how good the backups are!

    One Brolly company wanted me to email them my bank details and a copy of my passport. This was standard practice.

    Rush to market, security and customer service is still on the back log.

    I have not found one yet with a 2FA.. This outage sounds like credential reuse, privilege escalation, deploy ransomware.

    1. Outski Silver badge

      One Brolly company wanted me to email them my bank details and a copy of my passport. This was standard practice.

      It's standard practice for good reason, firstly KYC/RTW checks: they are technically your employer, so, under the hostile environment, are on the hook if it turns out you don't have the right to work.

      Secondly, they need your bank details in order to pay you, and most will probably prefer a UK account.

      I'm fine with this (except the HE forcing employers, landlords, healthcare workers etc to act as Border Force auxiliaries - I can feel my dad, all his career in the Immigration service, as it used to be known, spinning in his grave).

      My one stint as a contractor, I used Parasol as my brolly, and they were pretty good, explaining things to me as a newbie. The only real problem I had was the sub-Coldplay as their hold music.

      1. Jon 37 Silver badge

        I don't think the problem is the details they wanted.

        The problem is using email. Email is unencrypted, and the data is likely stored unencrypted on the recipient's systems.

    2. Necrohamster

      One Brolly company wanted me to email them my bank details...

      How do you expect them to pay you if they don't have your bank details?

      ...and a copy of my passport.

      Due diligence wrt money laundering or your right to work in Blighty?

  5. Anonymous Coward
    Anonymous Coward

    No risk eh?

    So, I was supposed to be an "employee" of Parasol Umbrella - which means they are supposed pay me, right? What happens when the agency goes under taking client's money with them? Answer from Parasol - you'll get paid when we get paid. I very much doubt I'll see any of the 2 months' worth of "salary" that I'm owed, ever, once the liquidator of the agency finishes taking their fees. Over 18 months and counting.

    1. R0ck3t

      Re: No risk eh?

      You will need to check they have paid HMRC too!

      They might not pay it as they deduct it take it, but instead pay it quarterly, normal behaviour for a business.

      I would guess that at the moment, they might not have access to the records to be able to answer the question.

  6. Anonymous Coward
    Anonymous Coward

    After 25 years as a contractor, working in my own right, for multiple clients, providing my own kit, working from home, paying tax without employing any ruses or cheats whatsoever, I got forced into IR35 with a Government client.

    Did a year, didn't grumble, worked for other clients at the same time, paid tax on that, paid my accountant, paid my insurance, collected VAT etc. like good little soldier.

    Six weeks after a 12 month renewal the project went bang but no worries, I'm technically an employee right? Fucking wrong matey, out the door.

    And these bastards wonder why nobody wants to do business with them apart from their Tory mates eh?

    1. Anonymous Coward
      Anonymous Coward

      I got forced into IR35 with a Government client.

      ...

      Six weeks after a 12 month renewal the project went bang but no worries, I'm technically an employee right? Fucking wrong matey, out the door.

      IR35 doesn't mean you're an employee of the client company, just that you're treated like an employee for tax purposes. Surely a 25-year contracting veteran knows this.

      Anyway you're still an employee of YOUR company, are you not?

    2. Anonymous Coward
      Anonymous Coward

      If you want the security of a permie job, get a permie job. There are plenty out there. My only objection to contracting via PAYE is paying the end client's employment taxes for them. I look forward to the ruling that requires this to be refunded by HMRC one day.

    3. Anonymous Coward
      Anonymous Coward

      Big bucks

      Job security

      Low (or no) taxes

      Pick two?

  7. JamieL

    Supply chain resilience?

    Given that almost all large fims / govt bodies are supposed to do due diligence on their supply chain and its ability to withstand business disruption, it does look like nobody's thought to push Parasol a bit harder to validate that their own incident plans and processes are up to scratch. My guess is that nobody went one step further along the chain...

    There will be more than a few high-value IT programmes where big chunks of the workforce are hacked off and whose minds aren't entirely on the job if this runs on another week.

    1. Anonymous Coward
      Anonymous Coward

      Re: Supply chain resilience?

      We live in a world where people are bonused for removing resilience. Because what's the point in spending money on something you might never need when business continuity insurance is so much cheaper. I'm sure the same business leaders make the same choices at home. Car insurance covers the six months spent in traction so there's really no need to waste money getting the brakes repaired this month.

  8. Anonymous Coward
    Anonymous Coward

    As a employee of Parasol

    I can confirm that the severe lack of information coming from Parasol is very frustrating indeed. And practically having to beg to be paid via a ridiculous chat system as I can't get through on the phone and nil response by email.

    I finally received 2/3 of what I should have been paid.

    And this week have no idea even if I will get paid.

    Am absolutely frustrated and distraught about this and no comms from this umbrella whatsoever.

    Am certain there are other interims out there in same position. Someone should really do something.

    And no pay means can't pay bills - will Parasol cover interim's missed direct debit charges from banks and creditors???

    1. EnviableOne Silver badge

      Re: As a employee of Parasol

      In My experience Parasol are one of the good guys.

      I used them as My Brolly for donkeys (couldn't be bothered with the paperwork)

      if they are having issues with paying you there is an issue with them getting paid.

      At the end of the day, they can't pay you what they don't have...

      Hopefully, they will get their systems back up and running and get something sorted, I hope my faith in the folks formerly from Warrington is not misplaced, if you are put into hardship sit on the chat all day, until they get their systems back up or send someone to camp outside their offices.

  9. Anonymous Coward
    Anonymous Coward

    IR35 Contract

    Those two terms are diametrically apposed.

    IF your IR35 then you are not a "Contractor".

    IF you are a "Contractor" then you are NOT IR35.

    You just have to be brave and say no when the offer comes in.

    Umbrellas ARE the target of probably the most talented bunch of people on the planet, expect their sites and services to be destroyed on a regular basis.

  10. Anonymous Coward
    Anonymous Coward

    So their "payment broadly in-line with what you would normally be paid" came through and they've deducted 65% from my invoice which is at least 25% more than they would have deducted previously.

    My renewal is up at the end of the month and I'm pushing the client to allow me to use my Ltd company to process a full PAYE salary.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022