• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Parasol Umbrella seem to have disappeared today

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

  • eek
    replied
    Originally posted by Paralytic View Post
    One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

    Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.
    I can't imagine the password was unencrypted the standard .net identity management software has never used unencrypted passwords. But that doesn't help because I suspect there is enough data available elsewhere and across enough other users (all you really need is 2 or 3 people with the same preferred password) that it will be possible to identify where people's preferred passwords were used again.

    I will repeat my comment from earlier this week, if you are changing passwords, get a password manager and use that to randomly generate a password for each site.

    As for the data lost - assuming as is likely they had access to everything

    If you are an umbrella worker it's likely your bank details are gone (how else do they pay you).

    If you are an accountancy or umbrella worker I would assume your name, date of birth, address and NI number have also been taken (all needed for RTI submissions).

    Last edited by eek; 9 February 2022, 08:32.

    Leave a comment:


  • Paralytic
    replied
    One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

    Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.

    Leave a comment:


  • courtg9000
    replied
    Originally posted by pacontracting View Post

    and they cheekily took their margin too! If it keeps them afloat from a cashflow perspective, however, then I have no issues, given the amounts of money at stake here for all employees.
    Originally posted by oleanderwand View Post
    I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

    'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

    He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

    Probably nobody knows the answer for sure, but any information is much appreciated.
    I would be advising him that it is highly likely that his data has been breached.
    Allow me to give an example. I was a victim of the BA data breach in 2018.
    The last time I flew BA was in 2012 when they were banned as a supplier to me for a second time.
    These people will take whatever data they can get their hands on.
    Assume you have unless told you are told categorically NO and even then take that with a pinch of salt.
    If CIFAS can protect you don't wait for Optionis to arrange it, pay the money now. Send Doug Crawford an invoice for the cost.

    Leave a comment:


  • oleanderwand
    replied
    I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

    'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

    He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

    Probably nobody knows the answer for sure, but any information is much appreciated.

    Leave a comment:


  • 1ne0fFU
    replied
    Originally posted by agentzero View Post
    https://www.theregister.com/2022/02/..._vice_society/

    Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

    It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

    They probably took down all services once they had extracted everything. Not good at all.
    Been here before.. Not my first breach via an entity I worked through. They paid for a CIFAS subscription to monitor any suspicious threats toward me and tracked via Experian. I hope Parasol will do the same. In my opinion we should all send them an email to ask for CIFAS protection subscription for at least 12-24 months!


    https://www.cifas.org.uk

    Leave a comment:


  • agentzero
    replied
    https://www.theregister.com/2022/02/..._vice_society/

    Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

    It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

    They probably took down all services once they had extracted everything. Not good at all.
    Last edited by agentzero; 8 February 2022, 18:35.

    Leave a comment:


  • KUWTC
    replied
    https://www.computerweekly.com/news/...five-weeks-ago

    Scant detail so far on what data has been leaked/accessed.

    Leave a comment:


  • northernladuk
    replied
    Originally posted by eek View Post

    Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

    I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.
    +1 I use Roboform and it puts an exclamation mark next to any passwords that have been found on password lists so have been compromised which is useful. I don't know exactly how it does it but it's a decent marker to change them every so often. Was a bit bemused when my BT one marked as compromised when it's a unique code for BT only and is a pretty secure one with capitals, numbers, special characters but no hack reported from BT. I can't help thinking there is are data leaks at many companies that aren't a hack and they don't know about... or it could be a false flag and BT have never leaked my details. I don't know.

    Leave a comment:


  • eek
    replied
    Originally posted by I am tired TIRED View Post

    Just checked my credit report on Experian. So far so good. In the process of changing all my passwords.
    To be proactive, this article is helpful:

    https://www.experian.co.uk/consumer/...if-victim.html
    Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

    I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.

    Leave a comment:


  • I am tired TIRED
    replied
    Originally posted by MrContractor View Post
    Made an account just for this thread - can't believe I hadn't noticed this forum until now!


    Seems like a fairly broad ransomware attack - I called the Experian number and was told that I would need to be sent an ID number from Optionis before they can begin to help me, so right now it seems like we have to sit on our hands and wait.

    Recommendations for the time being would be to change all passwords and find a new umbrella company.....does Crunch do that?
    Just checked my credit report on Experian. So far so good. In the process of changing all my passwords.
    To be proactive, this article is helpful:

    https://www.experian.co.uk/consumer/...if-victim.html

    Leave a comment:

Working...
X