• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

You are not logged in or you do not have permission to access this page. This could be due to one of several reasons:

  • You are not logged in. If you are already registered, fill in the form below to log in, or follow the "Sign Up" link to register a new account.
  • You may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
  • If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Previously on "Brookson/SJD/Nixon Williams down today as well?"

Collapse

  • Bluenose
    replied
    this email just went out from SJD from Optionis.

    "Good Afternoon,

    As you are aware, Optionis recently experienced a cyber security incident and I want to thank you again for your patience over the past few weeks while we have been investigating the situation. The incident has been contained and we have notified the police and relevant authorities.

    Our security team has now detected that some data belonging to Optionis was copied from our system and we believe some of that has been leaked online.

    At this stage we have not been able to ascertain the precise nature of the information, however we are investigating this as an absolute priority.

    We felt that it was important to let you know about this development and we can assure you that we will inform you as a matter of urgency should we uncover that personal data which is likely to result in a high risk to you has been leaked.

    We continue to take this incident extremely seriously and will keep you informed as the situation develops.

    To assist us in providing expert security advice we have partnered with Experian, the world’s leading global information services company, and have set up a dedicated helpline should you have any questions on the above.

    You can contact Experian on xxxxxxxxxxx Monday to Friday 9am to 5pm.

    Yours sincerely,

    Doug Crawford
    CEO Optionis"

    Leave a comment:


  • saptastic
    replied
    https://www.contractoruk.com/news/00...m_hacking.html

    SJD and Nixon Williams confirm hacking

    Leave a comment:


  • Bluenose
    replied
    Originally posted by cojak View Post

    Ah, so your email from them is a grammatically correct as your post.

    Got it.
    touche

    Leave a comment:


  • cojak
    replied
    Originally posted by Bluenose View Post

    SJD's b0xens have been 0wned, i got an email last night from them, how hard their b0xens have been 0wned is not cle4r.

    Its a good time for those that have not been hacked to check your companies security patches, keys and certificates.

    Further 0wnage is guranteed.
    Ah, so your email from them is a grammatically correct as your post.

    Got it.

    Leave a comment:


  • Bluenose
    replied
    Originally posted by cojak View Post

    Just putting it out there if people come here looking for any info.
    SJD's b0xens have been 0wned, i got an email last night from them, how hard their b0xens have been 0wned is not cle4r.

    Its a good time for those that have not been hacked to check your companies security patches, keys and certificates.

    Further 0wnage is guranteed.

    Leave a comment:


  • cmscotland
    replied
    Originally posted by Noiro View Post

    One of their updates on LinkedIn said they would be running payroll with a fixed percentage deduction as they don't have access to systems to calculate it correctly.

    I got paid on Saturday after a call from them asking my bank details, and it's a fair bit lower than it should be.

    I expect they'll include you in the next payroll run when they're back up and running to correct the amounts.
    Yeah its probably that; annoying as the client was reimbursing a load of travel expenses that I'd forked out over the last 6 months so I've been taxed on that which I shouldn't have been! But makes sense; I have at least seen some emails from actual staff in Brookson today so they're still there!

    Leave a comment:


  • Noiro
    replied
    Originally posted by cmscotland View Post
    but they've screwed up the tax, etc on it;
    One of their updates on LinkedIn said they would be running payroll with a fixed percentage deduction as they don't have access to systems to calculate it correctly.

    I got paid on Saturday after a call from them asking my bank details, and it's a fair bit lower than it should be.

    I expect they'll include you in the next payroll run when they're back up and running to correct the amounts.

    Leave a comment:


  • cmscotland
    replied
    I'm through Brookson, ironically this was my last month before going back to direct with the Ltd after securing a new role.
    I did get paid on Friday but they've screwed up the tax, etc on it; I did get an odd letter last week from NEST advising that they had been referred to the Pensions Regulator for not making payments..... that said I'm pretty sure I opted out so not sure why they would be expecting money relating to me!

    Portal, etc still down had no contact except the generic emails.

    Leave a comment:


  • eek
    replied
    Originally posted by Paralytic View Post

    Why do they need to remove something that was contained?

    And their IP phone system on the same VLAN as their business critical systems? They need a new network admin (if they even have one).
    If someone has tried to get into your systems step 1 is doubling check that they haven't actually got into them.

    Leave a comment:


  • Paralytic
    replied
    Originally posted by GregRickshaw View Post

    Our digital forensic partners are now well underway combing through the Brookson Group Infrastructure to ensure a safe removal of the cyber-attack is completed as quickly as possible.
    Why do they need to remove something that was contained?

    And their IP phone system on the same VLAN as their business critical systems? They need a new network admin (if they even have one).

    Leave a comment:


  • GregRickshaw
    replied
    Email one

    Dear customer,

    As I am sure you aware our industry has experienced several high-profile cyber-attacks over the last few weeks, in many cases disabling businesses for weeks.

    Last night the same aggressive attack was applied to the Brookson Group network. Fortunately, our network defences spotted and contained the attack immediately and this allowed us to contain the impact and take the necessary preventative measures to ensure no data was removed.

    This type of attack is extremely aggressive so to ensure our customers and supplier data integrity is maintained, we have taken the proactive steps to disable all the Brookson services from accessing external networks.

    Our technical and security teams have been working through the night and continue to validate our network infrastructure. We have also enlisted the services of a dedicated digital forensic provider to validate our network infrastructure before we re-enable any services.

    We will look to restore all services as quickly as possible focusing on those with time critical dependencies such as our umbrella payroll as a priority.

    Our objective is to ensure all customers expecting payment on Friday do receive them.
    Hopefully you can appreciate there is a fine balance between pace and security, and we will do everything in our power to ensure minimal disruption is felt to our customer base and provide regular updates.

    This incident has been reported to the UK National Cyber Security Center.

    Whilst our phone system has been impacted and will remain offline until normal service resumes, our e mail communications remain open as usual.

    We thank you for your support and understanding and we will provide further updates throughout the day.

    On behalf of Brookson,


    The Brookson Team
    Brookson One


    And Later

    Dear customer,

    Please find below a status update on the previously communicated cyber-attack to the Brookson Group.

    Our digital forensic partners are now well underway combing through the Brookson Group Infrastructure to ensure a safe removal of the cyber-attack is completed as quickly as possible. The output of this activity is the production of a safe road map detailing the reactivation of our infrastructure, and although this is a very slow and methodical process it is vital to ensure the continued protection of our customer and supplier data. No data has been extracted from the Brookson Group network.

    As it stands, we do not currently have the detailed timeline and how that translates to operational services, but we will share this as soon as we are in receipt of it.

    In addition to thisemail, we are also ensuring these updates are shared across all the Brookson Group social channels to make it as easy as possible to receive updates for our customers and suppliers.

    Just to confirm from my previous update, the Brookson telephony service is an IP hosted system so the disconnection of the Brookson network to the outside world is why our phone lines are not working, emails are protected from this disruption. Our Connect, WorkforceManager and IR35 portals are also disconnected as a result of our precautionary measures.

    We are contacting all our recruitment agency partners and have contingency plans in place for payroll services in case the delays are longer than anticipated.

    We are very touched by the sentiment of our customers and the industry in general in terms of the offerings of support for dealing with this debilitating, malicious attack and we will of course share our defence strategy with any future impacted parties once fully resolved.

    Please use [email protected] for any urgent correspondence.

    We thank you for your support and understanding and we will provide further updates throughout the day.

    Leave a comment:


  • Paralytic
    replied
    Originally posted by cojak View Post
    WTFH found this on LinkedIn
    Why am i sceptical in their claims that they managed to contain the attack, yet their phone lines are still down...

    Leave a comment:


  • JHamp82
    replied
    Originally posted by cojak View Post

    Just putting it out there if people come here looking for any info.
    Best time to move to another accountancy firm I guess. Below is a link of recommended accountants in case you haven't seen it.

    https://forums.contractoruk.com/acco...-requests.html


    Last edited by JHamp82; 17 January 2022, 09:46.

    Leave a comment:


  • Noiro
    replied
    I'm sure they're busy dealing with the attack, but would have been nice if they'd informed their contractors proactively. I had to email them to be sent a copy of that announcement.

    Leave a comment:


  • cojak
    replied
    WTFH found this on LinkedIn

    Originally posted by WTFH View Post

    At least Fahey has got his message out fairly quickly on LI & Twitter...
    https://www.linkedin.com/feed/update...8384323780609/

    Leave a comment:

Working...
X