Optionis Group Limited escapes fine following Parasol data breach 

ICO screen numbers

In January 2022, Parasol contractors began experiencing technical difficulties with the company’s online systems. A statement from Parasol later confirmed that its issues were due to malicious activity on its networks. The compromised information belonged to Parasol’s parent company, Optionis Group Limited. 

Following the breach, we launched a group action to help those involved in the security failure claim compensation. And, more than a year after cybercriminals hacked Parasol’s system, we are still seeing victims of this breach sign up to join our action. In many cases this is because Parasol took months to formally notify some contractors and employees that their data was affected in the breach.  

In October 2023, the Information Commissioner’s Office (ICO) issued a reprimand for Optionis Group Limited for a withdrawal of personal data after a cyber-attack. According to the data protection regulator, Optionis did not have appropriate measures in place for the security of its systems, and the breach was a “real example of what can happen when the right security measures are not in place”.  

During its investigation the ICO discovered that:  

      • Optionis did not have appropriate organisational measures in place to ensure the confidentiality and integrity of its systems. 
      • Had the necessary security elements been in place, Optionis could have significantly reduced the likelihood of a successful attack 
      • Optionis held personal data for longer than was necessary  
      • Optionis took 11 months to notify all individuals of the breach 
      • Work from home arrangements had been in place for approximately 2 years before the incident took place. 

Taking into account all the circumstances of the case, the ICO decided to issue a reprimand to Optionis in relation to the infringements of the UK General Data Protection Regulation. However, Optionis will not be fined for its poor data security practices. So, it could be argued that it has gotten away lightly.  

Victims of the Parasol data breach are at risk of financial fraud and further data theft attempts

A data breach can result in both financial and identity theft. With enough stolen information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts, use your cards to make payments, and access your existing accounts. Criminals also use stolen data in scams designed to extract additional information from victims (e.g., banking passwords). And hackers often sell stolen data to other criminals for future scams.  

If your data was compromised in this incident, but it has not yet been shared on the dark web, there is no guarantee that this won’t happen.   

Similar data breaches have resulted in fraud, blackmail, identity theft and more, so many contractors are experiencing high levels of distress. Even if no money is lost, the impact of a data breach can be significant. Many victims suffer from stress, anxiety, and distress due to living with the added risk and the extra vigilance needed.   

Worryingly, because it took almost a year to let some victims know that their data was accessed in this breach, they were left exposed for much longer than they should have been. 

Optionis must be held to account

Optionis is guilty of flagrant breaches of the United Kingdom General Data Protection Regulation (UK GDPR) and victims of this data breach deserve compensation and justice. Our data breach lawyers have taken formal steps against the business and have issued a notice of potential claim against Optionis Group Limited for the Parasol data breach.   

If your data is involved in this breach, you can join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed. 

In March 2024, our firm changed its name to KP Law. 

Share this article: