Contractor firms confirm cyber-attack after major outage

In a statement the UK contractor specialists, both owned by corporate parent Optionis Group, confirmed their IT security has been hit by online attackers after numerous users reported service outages.

A spokesperson told AccountingWEB: “We recently suffered a cyber security incident that impacted some of our key systems and caused significant disruption to our services. We are working with a team of IT experts to ensure we get back to normal operations as quickly as possible and we have informed the relevant authorities.” 

Details of the incident are scarce at this stage, with both firms declining to specify the nature of the attack and exactly when it took place. However, as both firms have drafted in external specialists to tackle the ongoing situation, users have speculated that ransomware could be behind the outages.

SJD Accountancy told IT publication The Register: "Our security partner and internal team identified the malicious activity very quickly and we are carrying out an extensive forensic exercise into this incident."

In a statement on its site, Nixon Williams said based on its current understanding there was "no evidence" personal data has been removed from its system. "We will provide an update on our investigation when we have more information to share, but we have been informed by our external advisors that this could take a number of weeks," continued the statement. "In the meantime, to ensure the safety and integrity of your data, we have suspended our systems and you will be unable to access Nixon Williams Vantage."

The combined group operating under the Optionis brand is believed to serve approximately 40,000 clients. On its site SJD Accountancy bills itself as the UK's largest specialist provider of fixed fee, limited company accountancy services to contractors and freelancers, with more than 15,000 clients on its books.

Parasol outage

Problems at SJD and Nixon Williams come hot on the heels of sister company Parasol Group suffering its own attack. The umbrella specialist first reported issues on Wednesday 12 January, with the firm stating on Twitter it was "currently experiencing a system outage". However, on Friday 14 January, Parasol stated it had “suspended our systems” following “malicious activity on our network.” The attack has affected the firm's ability to run payroll systems, with a growing number of customers taking to Twitter to report a lack of payment.

The root cause of our IT systems issue has been identified as malicious activity on our network. The ongoing forensic exercise and investigations currently indicate that your personal information has not been extracted. 1/5

— Parasol (@parasolgroup) January 14, 2022

According to The Register, Greet Borsens, chief sales officer at Parasol Group, wrote to customers on 12 January stating the firm is "proactively contacting employees who we know to be affected," and in a further update on 13 January said they had created "alternative processes allowing to pay our employees" and provided "guidance on how to contact us."

Whether the attacks on Parasol, SJD Accountancy and Nixon Williams are linked is unclear at this stage, and it is currently unknown whether other firms in the Optionis group, which include fellow contractor accountants ClearSky and tax rebate specialist Brian Alfred, are also affected.

Time for umbrella regulation?

Following the changes to off-payroll working rules in April 2021, umbrella companies have reported a rush of former contractor customers requiring their services, and accountant James Poyser believes the firms are now an "attractive target” for cybercriminals. Following an attack on fellow umbrella firm Giant Group in September 2021, the Parasol outage and a similar incident at Brookson reported this week, inniAccounts CEO Poyser stated it was now time to “mandate security requirements” for umbrellas the "same way the FCA does for banks”.