In January 2022, Parasol Group shut down some of its systems after it discovered “malicious activity” on its network.
Parasol is an umbrella company used by contractors across the UK to manage their payments. By taking down its systems in a multi-day outage, many contractor salary payments were delayed.
Parasol confirmed that a cyberattack was to blame for the incident. This is widely speculated to be a ransomware attack. Parasol later admitted that personal data was accessed by cybercriminals. Some of this data has been shared online.
The KP Law investigators believe that the following contractor data was accessed in the breach:
Parasol employee data is also thought to be affected.
IF YOU ARE AFFECTED BY THE PARASOL DATA BREACH, CONTACT US TO MAKE A NO-WIN, NO-FEE COMPENSATION CLAIM.
Other companies owned by Optionis include:
Our investigations show that the following businesses were affected by the same cyberattack: Optionis, Optionis Group, Parasol, Arkarius Midco, Arkarius Bidco, Optionis Midco, SJD Accountancy, Nixon Williams, First Freelance, First Umbrella, Optionis Bidco, Clearsky Accountancy and Payroll, Optionis Management, Clearsky Contractor Accounting, Silverline Performance, Wheatley Pearce, Arc Licensed Trade Consultancy, Brian Alfred, and Arnsco.
If your data was compromised in this incident, but it has not yet been shared on the dark web, there is no guarantee that this won’t happen.
The hackers might also choose to sell the records to other criminals.
Similar data breaches have resulted in fraud, blackmail, identity theft and more, so many contractors are experiencing high levels of distress.
Those affected by the incident could have a compensation claim.
REGISTER TO FIND OUT MORE ABOUT THE PARASOL GROUP ACTION.
On 10 October 2023, the Information Commissioner’s Office (ICO) issued a reprimand for Optionis Group Limited for a withdrawal of personal data after a cyber-attack.
over the last few weeks – almost a year after cybercriminals hacked Parasol’s systems – we have seen an influx of clients registering with us. This is because Parasol is only now formally notifying some contractors and employees that their data was affected in the breach.
Find out more about making a group action claim for compensation.
What does no-win, no-fee actually mean and are there really no costs if you appoint us?
We are one of the most experienced multi-claimant law firms in the UK.
We represent clients in group actions with innovation, resources, and expertise.
We work with expert barristers to ensure you get the very best level of legal support available.
We have all the resources and global expertise necessary to take on complicated cases and win.
We have offices in Chancery Lane London, Birmingham and Liverpool, and the technology to provide a nationwide service, so we can help clients across England & Wales.
We use technology to deliver a better legal experience to our clients.
We work on a no-win, no-fee basis.
We make the process straightforward and hassle-free.
Following the Parasol/Optionis data breach, KP Law began a group action to help victims of this privacy violation claim compensation. Here’s our guide to the data breach to help you find out if you have a claim, and what you need to do to secure justice for the violation of your data protection rights.
In January 2022, Parasol Group shut down some of its systems after it discovered “malicious activity” on its network. Parasol is an umbrella company used by contractors across the UK to manage their payments. By taking down its systems in a multi-day outage, many contractor salary payments were delayed. Parasol confirmed that a cyberattack was to blame for the incident. This is believed to be a ransomware attack.
Parasol later admitted that personal data was accessed by cybercriminals. Some of this data has since been shared online.
As well as Parasol contractor information, we believe that some Parasol employee data was also exposed.
If you are a Parasol employee concerned that your employer has not kept your private and confidential information safe, you can claim compensation. Crucially, an employer cannot fire you, or harm your career in any way if you make a claim. Parasol would be breaking the law if it did.
Victims of data breaches often become the target of cybercriminals, so Parasol contractors must take immediate steps to protect their finances. If you are worried that you could be at risk, you should:
If you are a Parasol customer or employee, you could be affected by this breach. Parasol has a legal obligation to tell you if your information is compromised. However, we do not believe that Parasol has notified and identified everyone whose data was accessed.
The compromised information belongs to Parasol’s parent company, Optionis. So, in addition to affecting Parasol, customers of other businesses may also have had their data stolen.
Our investigations show that the following businesses were affected by the same cyberattack: Optionis, Optionis Group, Parasol, Arkarius Midco, Arkarius Bidco, Optionis Midco, SJD Accountancy, Nixon Williams, First Freelance, First Umbrella, Optionis Bidco, Clearsky Accountancy and Payroll, Optionis Management, Clearsky Contractor Accounting, Silverline Performance, Wheatley Pearce, Arc Licensed Trade Consultancy, Brian Alfred, and Arnsco.
Together, these businesses provide services to tens of thousands of contractors.
A data breach can result in both financial and identity theft. With enough stolen information, cybercriminals can apply for credit in your name, set up fraudulent bank accounts, use your cards to make payments, and access your existing accounts. Criminals also use stolen data in scams designed to extract additional information from victims (e.g., banking passwords). And hackers often sell stolen data to other criminals for future scams. If your data was compromised in this incident, but it has not yet been shared on the dark web, there is no guarantee that this won’t happen.
Similar data breaches have resulted in fraud, blackmail, identity theft and more, so many contractors are experiencing high levels of distress. Even if no money is lost, the impact of a data breach can be significant. Many victims suffer from stress, anxiety, and distress due to living with the added risk and the extra vigilance needed.
We have been investigating the Parasol/Optionis data breach to discover what happened, how it happened, and how it affected customers and employees. We believe that:
Ultimately, we believe that Optionis is guilty of flagrant breaches of the United Kingdom General Data Protection Regulation (UK GDPR). We also believe that victims of this data breach have a solid and winnable case. As such, we have taken formal steps against the business and have issued a notice of potential claim against Optionis Group Limited for the Parasol data breach.
While Parasol Group/Optionis was the victim of a cyber-attack, the company controlled your personal information and had a duty to look after it. We believe that poor security processes allowed the breach to happen, so Option is responsible and must be held to account.
On 10 October 2023, the Information Commissioner’s Office (ICO) issued a reprimand for Optionis Group Limited for a withdrawal of personal data after a cyber-attack. According to the data protection regulator, Optionis did not have appropriate measures in place for the security of its systems, and the breach was a “real example of what can happen when the right security measures are not in place”.
During its investigation the ICO discovered that:
Taking into account all the circumstances of the case, the ICO decided to issue a reprimand to Optionis in relation to the infringements of the UK General Data Protection Regulation. However, Optionis will not be fined for its poor data security practices. So, it could be argued that it has gotten away lightly.
Our data protection solicitors have listed some helpful links to ensure victims of the Parasol Group/Optionis data breach know where they can turn.
The leading independent victim’s charity in England and Wales for people affected by crime and traumatic incidents.
If you are struggling emotionally after a data breach, you can call the Samaritans free from any phone.
Provides advice, information, onward referral, and holistic support to people experiencing mental ill-health and drug/alcohol difficulties (which could be exacerbated following the hack). The service can also support people who have been a victim of crime.
Victims of online offences such as scams and financial/identity fraud following the Parasol Group/Optionis data hack should contact Action Fraud to report their loss.
A source of unbiased, factual, and easy-to-understand information on online safety with guidance to protect you from fraud, identity theft and abuse.
Impartial advice to help everyone in the UK protect themselves against financial fraud.
At KP Law, we understand that choosing a data breach solicitor can be daunting. How do you know if it is the right firm for you? To make the process a little bit easier, here are some questions you should ask when choosing a Parasol Group/Optionis data breach lawyer.
Most firms do not have lawyers who are experts in data breach law. But at KP Law, we have a dedicated team of data protection experts led by Kingsley Hayes – arguably the UK’s foremost data breach solicitor. Our data breach solicitors are at the forefront of data breach legal services. And, because we have been doing this for longer than most, we lead our field when it comes to understanding the complexities involved. We know what it takes to make a successful data breach claim.
Some firms will offer their services on a no-win, no-fee basis. This means that, if you do not win, you shouldn’t have to pay a penny. But be careful to check the small print. With KP Law:
Several UK firms have knowledge of multi-claimant litigation, but it is worth checking to see if they have specifically managed multiple data breach group actions. At KP Law, we are currently managing several significant data breach group actions. And we have secured settlements against big players such as British Airways and Ticketmaster.
When it comes to legal support, large organisations are smarter and better resourced than ever before. And it can be difficult for some law firms to stand up to such strength. At KP Law, we have the legal expertise and resources necessary to take on corporate giants with deep pockets. We support thousands of multi-claimant and group-action clients, and we can do the same for you.
If Parasol informs you that your data is involved in this breach, you can join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed. We will also ask you for some other evidence to ensure we make the strongest possible claim on your behalf.
Many of our clients have seen a rise in attempted phishing scams since the data hack. If you have experienced phishing, or other scam attempts, that you believe are linked to this data breach, please make a note of these, and keep any evidence.
If you have experienced any financial loss because of this data breach, please make a note of this and keep any evidence (e.g., bank statements, correspondence, etc.). Even if your financial data wasn’t breached, you could still have lost money if a phishing scammer has used your personal data against you.
If you have experienced emotional distress because of this data breach, please make a note of this and keep any evidence (e.g. details about medical appointments/prescriptions that relate to this data breach).
Following a data breach, people often have to spend a significant amount of time on the phone with their bank and credit reference agencies. Sometimes, there are travel costs and medical expenses required. And it might be possible to add these to your claim.
It is not unusual that – on reviewing a data breach impact form – we uncover information that allows us to increase the value of a claim significantly. What might seem irrelevant to you could make a massive difference in the eyes of the law. So please keep a hold of anything that might be useful.
See our answers to the FAQs we get asked about the Parasol data security incident.
Parasol Group shut down some of its systems after it discovered “malicious activity” on its network. The incident, which is believed to be a ransomware attack, resulted in the exfiltration of some contractor and employee information. This data was then posted online.
The stolen information includes personal and financial contractor data. Some employee information is also thought to be affected.
If you are a Parasol customer or employee, you could be affected by this breach. Parasol has a legal obligation to tell you if your information is compromised. However, Parasol has not yet identified whose data was accessed.
Anyone who thinks they might be involved should take immediate steps to protect themselves.
If Parasol informs you that your data is involved in this breach, you can join our no-win, no-fee compensation claim. There are no costs to register and no obligation to proceed.
A group action claim is where a group of people – sometimes even thousands of people – have been affected by the same issue. Group action cases are also known (here or in the US) as class actions, multi-claimant or multi-party actions.
A group action allows people with the same type of claim to bring it together on a collective basis. This strengthens their overall position and makes big organisations take the matter seriously. This increases the claimant’s chances of settlement or success in litigation.
Just because your case is part of a group action doesn’t mean that everyone will receive the same amount of compensation if successful. All claims are settled based on their merits, and you will receive what you are owed.
If you are part of a group action with another firm and you would like to know more about switching to Keller Postman UK, contact us today.
There are no costs to join a claim. However, if your claim is successful, you may have to pay a ‘success fee’. This fee is taken from the compensation awarded to you. Our success fee is competitive, and we make sure you are fully informed about any potential costs before you officially join our action. If you lose, you won’t have to pay a penny.
While each case is judged on its own merits, there are some things we would typically look for when it comes to when claiming compensation following a data breach, cybercrime or other GDPR violation:
With stolen data, cybercriminals can make purchases using your bank and credit cards, apply for credit in your name, set up fraudulent bank accounts and access your existing online accounts.
GDPR failures, cybercrime and data breaches can have a significant impact on you, both mentally and physically. They can cause or exacerbate anxiety, stress and other psychological conditions.
KP Law has some of the most skilled data breach lawyers in England and Wales. Here are just some of our success stories.
KP Law is a founding member of the Collective Redress Lawyers Association (CORLA). CORLA aims to improve access to justice for claimants by way of collective redress.
