Umbrella company Brookson self-refers to NCSC following cyberattack on its network


Cheshire-based contractor payroll services provider Brookson Group has referred itself to the UK’s National Cyber ​​Security Center (NCSC) after its networks were targeted by an ‘extremely aggressive’ cyberattack last night.

The company, which specializes in providing payroll processing, accounting and compliance services to the entrepreneurial community, confirmed the attack in a LinkedIn blog post, written by Brookson Group CEO Andrew Fahey.

According to Fahey, the attack on its networks was immediately detected and contained, allowing the company to take “necessary preventive measures” to ensure that no customer or supplier data was compromised. These include pushing through changes that mean Brookson’s services, including its phone lines, will remain inaccessible to external networks for the time being, he added.

“This type of attack is extremely aggressive,” Fahey wrote. “Our technical and security teams have been working through the night and continue to validate our network infrastructure. We also engaged the services of a dedicated digital forensics provider to validate our network infrastructure before reactivating any service. »

He added: “This incident has been reported to the UK’s National Cyber ​​Security Centre.”

The post was also intended to reassure contractors who provide services to end customers through Brookson’s umbrella company that ensuring their wages are paid on time is a top priority for the company.

“Our goal is to ensure that all customers expecting a payment on Friday [today] receive them,” Fahey added. “I hope you can understand that there is a good balance between pace and safety, and we will do everything in our power to ensure minimal disruption to our customer base and provide regular updates.”

According to Brookson’s latest set of accounts, filed with Companies House in July 2021, it has more than 15,700 clients on its books, including contractors and freelancers working in various industry verticals.

In a follow-up Linkedin post several hours after his initial missive, Fahey said a pick in the company’s infrastructure by his digital forensic partner continued to show that no data had been compromised by the attempted cyberattack. Even so, it’s still unclear at this point when its systems will become operational again.

“We are contacting all of our partner recruitment agencies and have contingency plans in place for payroll services in case the delays are longer than expected,” Fahey said.

News of the attack on Brookson follows news that fellow umbrella company Parasol is in the midst of an ongoing system outage which has prevented it from paying contractors it has been representing for several days now. .

As previously reported by Computer Weekly, the root cause of Parasol’s system issues remains unknown, but the company’s response to the issue has been criticized by some of its contractors for being too slow and lacking in detail.

Brookson’s incident also comes several months after another umbrella company, Giant Group, suffered an alleged ransomware attack that also prevented it from processing salary payments for its contractors.

Closing his second update, Fahey said the company would, once the incident is resolved, share its lessons learned from the attack with the rest of the industry, so they can protect themselves from being victimized. something similar.

“We are very touched by the sentiment of our customers and the industry in general in terms of offers of assistance in dealing with this debilitating malicious attack and we will – of course – share our defense strategy with all future parties. concerned once fully resolved,” he added.


Comments are closed.