Parasol security incident which left contractors unpaid has now breached data


Umbrella company Parasol Group shut down some of its systems after it uncovered “malicious activity” on its network. Parasol, which is used by contractors across the UK to manage their payments took down many of its systems in a multi-day outage. As a result, many contractor salary payments were delayed.

To make matters worse, Parasol has now confirmed that personal data was accessed in the incident. Some of this data has now been shared online.

What do we know about the Parasol security incident?

  • The Parasol outage began on 12 January 2022
  • Parasol processes the payroll of over 13,000 contractors
  • Salary payments were delayed because of the security breach
  • Parasol confirmed that a cyberattack was to blame for the incident (widely speculated to be a ransomware attack)
  • Personal data was stolen, and some of this has now been posted online.

Parasol data breach puts contractors at risk

An email from Parasol confirms that “some data” has been copied and leaked online following the attack. At this stage, Parasol has “not been able to ascertain the precise nature of the information”.  It also appears that it has not yet been able to identify whose data has been accessed.

Any contractor who uses Parasol (or any Parasol employee) could be involved in this breach and must increase their online security to protect against further attacks.

If your data was compromised in this incident, but it has not yet been shared on the dark web, there is no guarantee that this won’t happen. The hackers might also choose to sell the records to other criminals. Similar data breaches have resulted in fraud, blackmail, identity theft and more, so many contractors who could be affected are experiencing high levels of distress.

Could the Parasol data breach have a wider reach?

The information accessed in the data breach belongs to Parasol’s parent company, Optionis.

Other companies owned by Optionis include Clearsky Business, Clearsky Contractor Accounting, SJD Accountancy, First Freelance, Optionis Accountancy and Nixon Williams. It is thought that these businesses provide services to around 28,000 contractors. Questions are now being raised about whether customers of these businesses have also had their data stolen.

What can you do about the Parasol data breach?

The police and relevant authorities have been notified and Parasol is working to establish who and what has been affected by this security failure. 

In our experience, attacks of this kind happen because of poor data security processes. We are currently working closely with cyber security experts to find out exactly how this breach impacts contractors and if – as we suspect – these individuals are at risk, we will launch a group action compensation claim.

If Parasol informs you that your data is involved in this breach, register with us and we will keep you updated as developments unfold. There are no costs to register and no obligation to proceed.

In March 2024, our firm changed its name to KP Law. 

Share this article: