Parasol Umbrella seem to have disappeared today

**eek** · 7 February 2022, 13:47

Originally posted by I am tired TIRED View Post

Just checked my credit report on Experian. So far so good. In the process of changing all my passwords.
To be proactive, this article is helpful:

https://www.experian.co.uk/consumer/...if-victim.html

Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.

**northernladuk** · 7 February 2022, 14:54

Originally posted by eek View Post

Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.

+1 I use Roboform and it puts an exclamation mark next to any passwords that have been found on password lists so have been compromised which is useful. I don't know exactly how it does it but it's a decent marker to change them every so often. Was a bit bemused when my BT one marked as compromised when it's a unique code for BT only and is a pretty secure one with capitals, numbers, special characters but no hack reported from BT. I can't help thinking there is are data leaks at many companies that aren't a hack and they don't know about... or it could be a false flag and BT have never leaked my details. I don't know.

**KUWTC** · 7 February 2022, 15:31

https://www.computerweekly.com/news/...five-weeks-ago

Scant detail so far on what data has been leaked/accessed.

**agentzero** · 8 February 2022, 18:33

https://www.theregister.com/2022/02/..._vice_society/

Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

They probably took down all services once they had extracted everything. Not good at all.

**1ne0fFU** · 8 February 2022, 19:22

Originally posted by agentzero View Post

https://www.theregister.com/2022/02/..._vice_society/

Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

They probably took down all services once they had extracted everything. Not good at all.

Been here before.. Not my first breach via an entity I worked through. They paid for a CIFAS subscription to monitor any suspicious threats toward me and tracked via Experian. I hope Parasol will do the same. In my opinion we should all send them an email to ask for CIFAS protection subscription for at least 12-24 months!

https://www.cifas.org.uk

**oleanderwand** · 8 February 2022, 21:00

I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

Probably nobody knows the answer for sure, but any information is much appreciated.

**courtg9000** · 8 February 2022, 21:39

Originally posted by pacontracting View Post

and they cheekily took their margin too! If it keeps them afloat from a cashflow perspective, however, then I have no issues, given the amounts of money at stake here for all employees.

Originally posted by oleanderwand View Post

I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

Probably nobody knows the answer for sure, but any information is much appreciated.

I would be advising him that it is highly likely that his data has been breached.
Allow me to give an example. I was a victim of the BA data breach in 2018.
The last time I flew BA was in 2012 when they were banned as a supplier to me for a second time.
These people will take whatever data they can get their hands on.
Assume you have unless told you are told categorically NO and even then take that with a pinch of salt.
If CIFAS can protect you don't wait for Optionis to arrange it, pay the money now. Send Doug Crawford an invoice for the cost.

**Paralytic** · 9 February 2022, 08:19

One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.

**eek** · 9 February 2022, 08:27

Originally posted by Paralytic View Post

One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.

I can't imagine the password was unencrypted the standard .net identity management software has never used unencrypted passwords. But that doesn't help because I suspect there is enough data available elsewhere and across enough other users (all you really need is 2 or 3 people with the same preferred password) that it will be possible to identify where people's preferred passwords were used again.

I will repeat my comment from earlier this week, if you are changing passwords, get a password manager and use that to randomly generate a password for each site.

As for the data lost - assuming as is likely they had access to everything

If you are an umbrella worker it's likely your bank details are gone (how else do they pay you).

If you are an accountancy or umbrella worker I would assume your name, date of birth, address and NI number have also been taken (all needed for RTI submissions).

**1ne0fFU** · 9 February 2022, 11:36

CIFAS protection is only £25 for 2 years. So I recommend you look into it and decide for yourself. See : https://www.cifas.org.uk/pr

Parasol Umbrella seem to have disappeared today

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Parasol Umbrella seem to have disappeared today

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Tag Cloud