back to article Umbrella company Parasol Group confirms cyber attack as 'root cause' of prolonged network outage

Umbrella company Parasol Group has confirmed why it shut down part of its IT last week: it found unauthorised activity from an intruder. As reported by us on Friday, the umbrella company's MyParasol portal, where timesheets are submitted, was not accessible due to a multi-day outage starting on 12 January, impacting the …

  1. elsergiovolador Silver badge

    Mystery

    It's a "mystery" why these companies even exist.

    1. Aristotles slow and dimwitted horse

      Re: Mystery

      Why so? I used one in the past and it was very useful in the short term as a quick and efficient way of having my contract payroll, tax and expenses calculated and paid correctly without the need for a full time accountant.

      You're not just bashing because you are unable to comprehend that there is an increasing amount of people who need or want to work differently to you are you?

      1. elsergiovolador Silver badge

        Re: Mystery

        You are an employee of an umbrella, so this is their duty to do those things as any other employer's.

        The problem is that these companies are being used as a tool to decouple de facto employer from their responsibilities coming from the employment law.

    2. Little Mouse

      Re: Mystery

      If you're inside of IR35 and not planning on contracting for too long, then it's typically neither cost effective nor an efficient use of your time to set up your own company.

      Also, every company I've contracted for has insisted that I am on someone's payroll (for liability reasons apparently - I've no idea if that's BS or not though). Being a sole trader simply wasn't an acceptable option to them.

      1. elsergiovolador Silver badge

        Re: Mystery

        insisted that I am on someone's payroll

        Exactly, making a mockery of employment law.

      2. Kubla Cant

        Re: Mystery

        If you're inside of IR35 and not planning on contracting for too long...

        It seems to be immaterial whether you're contracting for a long or short time. Big clients all seem to be insisting on blanket IR35. Some run their own contractor PAYE via a captive agency, but most rely on umbrellas.

        I seem to have had a lucky escape with Parasol. Was going to sign up with them, but the portal went down before I could agree the contract, so I've nominated another umbrella.

      3. Androgynous Cupboard Silver badge

        Re: Mystery

        Ironic given the "limited" in limited company stands for limited liability. If it's liability they're worried about, they would be insisting you operated as a sole trader.

      4. W.S.Gosset Silver badge

        Re: Mystery

        > every company I've contracted for has insisted that I am on someone's payroll (for liability reasons apparently - I've no idea if that's BS or not though)

        Your required Professional Indemnity insurance covers (their exposure to) liability, so yes it's BS.

        This sounds like HR's next/current wankery. They used precisely the same tactic (plus others) to wipe out independent headhunters.

    3. Anonymous Coward
      Anonymous Coward

      Re: Mystery

      What's the alternative if someone wants the variety of contracting and wants to choose which projects they work on (which rules out a consultancy) but doesn't want to run a business?

      1. elsergiovolador Silver badge

        Re: Mystery

        The alternative then is something called Fixed Term Contract.

        1. Anonymous Coward
          Anonymous Coward

          Re: Mystery

          Which means being unable to take the majority of gigs on offer today, a permanently confused tax office and, after 20 years with an average of four gigs per year, 80 private pensions. Just because you don't like the idea of a payroll company handling the invoicing and deducting all the taxes that are possible to pay on earned income.

          1. elsergiovolador Silver badge

            Re: Mystery

            There is nothing confusing about FTC. The reason why corporations use the so called umbrellas is to avoid liabilities. They can and do run their own payroll just fine - they just don't want to deal with potential whistleblowers, any HR issues like bullying, equal pay or diversity quotas. Umbrella conveniently take all these problems away. If you then get bullied or see something dodgy happening at your workplace, you can't really report it, because technically you don't work there etc.

            Just because you don't like the idea of a payroll company handling the invoicing and deducting all the taxes that are possible to pay on earned income.

            As I said earlier, it's an employer's duty to handle payroll. If you are an employee of an umbrella, then they do your payroll as any other employer has to do that for their employees.

            1. Anonymous Coward
              Anonymous Coward

              Re: Mystery

              That applies to all contracting, not just those choosing to use an payroll intermediary. And choose is the word. If people want permanent employment but are being forced to work as umbrella contractors, that's something else entirely.

              1. elsergiovolador Silver badge

                Re: Mystery

                FTC by definition is not permanent employment. Of course companies prefer to use umbrellas for reasons mentioned earlier.

                That being said, if you work for an umbrella you are not a contractor but a perm employee of an umbrella that is being allocated to work for various umbrella clients.

                1. This post has been deleted by its author

                2. Anonymous Coward
                  Anonymous Coward

                  Re: Mystery

                  What problem are you trying to solve? If you want people to be treated well in the workplace, perhaps rules that place a duty of care on *all* businesses covering *every* human being they directly or indirectly engage in whatever capacity might be a better approach.

                  A self-employed electrical engineer replacing the light bulbs in an office can be harassed while onsite by permanent employees. That’s not acceptable. A well-paid one-of-a-kind specialist consultant operating through a PSC who has been hired to solve a specific problem (a “legitimate” contractor according to some) can be bullied by under pressure senior managers with unreasonable expectations. That’s also not acceptable.

                  I agree things need improving, such as regulation of umbrellas, end-clients liable for employer NI and limiting the duration of any worker-client engagement before full employment rights are due.

                  But trying to shut down legitimate businesses offering a legitimate service with legitimate use cases which can offer flexibility valued by workers and end-clients, and are no different to agency "temping" that's been around for decades, isn't the answer.

  2. Anonymous Coward
    Anonymous Coward

    All missing the point: They got hacked

    So all my / your personal information like:

    National Insurance number

    Passport details

    Home Address

    Telephone number

    Email Address

    Bank account details, personal and possibly company

    Proof of Home address, this could be utility bill with account info or even bank statement.

    References their details; Names, Addresses, Phone number and relationship

    Company Details if you moved from Outside to inside, IR35

    Company details or formation info

    Company VAT number

    If I have a criminal record, Basic Criminal Check

    My Clearance Status if held: One for the Gov Vetting Agency.

    So what have we all got to worry about?

    Questions I have:

    I ask how long has this and other brolly companies been retaining info?

    I have been with a couple as they were all Shite and I felt I was being bent over?

    Can I claim interest at credit card rates if my money fails to show?

    How much is the fine from ICO going to be, or will they get "mates rates"

    How much time, effort and stress am I going to be subjected to watching out for anything dodgy on the above list?

    They got hacked.

    1. IGotOut Silver badge

      Re: All missing the point: They got hacked

      Going by the statement, it says activity malicious activity on the network.

      It may be on a internal server that orders the pencils. As a precaution they gave taken everything offline until they can see what is wrong.

      A sensible approach.

      Heck it's exactly what I did when Nachi and Blaster hit all those years ago.

      1. Anonymous Coward
        Anonymous Coward

        Re: All missing the point: They got hacked

        That's not what my email from brolly company said

  3. Anne Hunny Mouse

    Sounds like they need some ICT contractors in to sort out the mess.

    Wonder if they know where to get any?

  4. Anonymous Coward
    Anonymous Coward

    Just checked my bank account, I got paid on Friday 14th

  5. matthewdjb

    Brookson, SJD, Nixon Williams confirm hacking.

  6. Anonymous Coward
    Anonymous Coward

    https://forums.contractoruk.com/accounting-legal/145502-firstfreelance-hacked-too.html

    The Register should perform more technical analysis of this hack. Is it a basic cloud ransomware exploit or the result of major misconfiguration and a lack of security by ParasolGroup and associated companies?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like