• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Parasol Umbrella seem to have disappeared today

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Originally posted by I am tired TIRED View Post

    Just checked my credit report on Experian. So far so good. In the process of changing all my passwords.
    To be proactive, this article is helpful:

    https://www.experian.co.uk/consumer/...if-victim.html
    Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

    I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.
    merely at clientco for the entertainment

    Comment


      Originally posted by eek View Post

      Get a password manager such as LastPass or BitWarden or similar and manage passwords correctly going forward.

      I still have a number of none important sites that have old passwords and really should either close the account or fix the password there.
      +1 I use Roboform and it puts an exclamation mark next to any passwords that have been found on password lists so have been compromised which is useful. I don't know exactly how it does it but it's a decent marker to change them every so often. Was a bit bemused when my BT one marked as compromised when it's a unique code for BT only and is a pretty secure one with capitals, numbers, special characters but no hack reported from BT. I can't help thinking there is are data leaks at many companies that aren't a hack and they don't know about... or it could be a false flag and BT have never leaked my details. I don't know.
      'CUK forum personality of 2011 - Winner - Yes really!!!!

      Comment


        https://www.computerweekly.com/news/...five-weeks-ago

        Scant detail so far on what data has been leaked/accessed.

        Comment


          https://www.theregister.com/2022/02/..._vice_society/

          Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

          It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

          They probably took down all services once they had extracted everything. Not good at all.
          Last edited by agentzero; 8 February 2022, 18:35.

          Comment


            Originally posted by agentzero View Post
            https://www.theregister.com/2022/02/..._vice_society/

            Confirmation of personal data from the Optionis hack being spilled over a TOR marketplace and-or onion site.

            It's at least email addresses, names. Probably passwords, address details and all the other data they held too, as a good guess. Think of the level of detail NixonWilliams, SJD, Clearsky, FirstFreelance, and Parasol had on customers.

            They probably took down all services once they had extracted everything. Not good at all.
            Been here before.. Not my first breach via an entity I worked through. They paid for a CIFAS subscription to monitor any suspicious threats toward me and tracked via Experian. I hope Parasol will do the same. In my opinion we should all send them an email to ask for CIFAS protection subscription for at least 12-24 months!


            https://www.cifas.org.uk

            Comment


              I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

              'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

              He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

              Probably nobody knows the answer for sure, but any information is much appreciated.

              Comment


                Originally posted by pacontracting View Post

                and they cheekily took their margin too! If it keeps them afloat from a cashflow perspective, however, then I have no issues, given the amounts of money at stake here for all employees.
                Originally posted by oleanderwand View Post
                I am asking this question on behalf of a colleague who is not forum member, but worries about data held by SJD being leaked:

                'Is there any information somewhere which may point to how far back the hacked/leaked data is: i.e. only recent data or whether it goes back to 6 or 7 years ago?'

                He is wondering whether he better protects himself through CIFAS regardless (he/his Co. ceased from being SJD's client several years ago after Optionis' MVL arm completed his Co.'s MVL).

                Probably nobody knows the answer for sure, but any information is much appreciated.
                I would be advising him that it is highly likely that his data has been breached.
                Allow me to give an example. I was a victim of the BA data breach in 2018.
                The last time I flew BA was in 2012 when they were banned as a supplier to me for a second time.
                These people will take whatever data they can get their hands on.
                Assume you have unless told you are told categorically NO and even then take that with a pinch of salt.
                If CIFAS can protect you don't wait for Optionis to arrange it, pay the money now. Send Doug Crawford an invoice for the cost.
                Former IPSE member
                My Website

                Comment


                  One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

                  Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.

                  Comment


                    Originally posted by Paralytic View Post
                    One way to find out what information might have been stolen is to do a Subject Data Access request to see what data they hold on you, and that's the worst it should be.

                    Of course, i'm not sure its fair on them to be swamped by such requests when they are busy recovering their business, but I do believe they should have, by now, told their customers the type of information that might have been taken. In particular, if they held their passwords unencrypted, they should be informing their customers immediately since so many people still use the same password across multiple sites.
                    I can't imagine the password was unencrypted the standard .net identity management software has never used unencrypted passwords. But that doesn't help because I suspect there is enough data available elsewhere and across enough other users (all you really need is 2 or 3 people with the same preferred password) that it will be possible to identify where people's preferred passwords were used again.

                    I will repeat my comment from earlier this week, if you are changing passwords, get a password manager and use that to randomly generate a password for each site.

                    As for the data lost - assuming as is likely they had access to everything

                    If you are an umbrella worker it's likely your bank details are gone (how else do they pay you).

                    If you are an accountancy or umbrella worker I would assume your name, date of birth, address and NI number have also been taken (all needed for RTI submissions).

                    Last edited by eek; 9 February 2022, 08:32.
                    merely at clientco for the entertainment

                    Comment


                      CIFAS protection is only £25 for 2 years. So I recommend you look into it and decide for yourself. See : https://www.cifas.org.uk/pr

                      Comment

                      Working...
                      X