ra2 studio - stock.adobe.com

Umbrella company Brookson self-refers to NCSC following cyber attack on its network

Contractor payroll, accounting and compliance firm confirms its networks have been targeted by an ‘extremely aggressive’ cyber attack that has resulted in some of its systems being proactively taken offline

Cheshire-based contractor payroll service provider Brookson Group has referred itself to the UK National Cyber Security Centre (NCSC) after its networks were targeted by an “extremely aggressive” cyber attack last night.

The company, which specialises in providing payroll processing, accountancy and compliance services to the contractor community, confirmed the attack in a LinkedIn blog post, authored by Brookson Group CEO Andrew Fahey.

According to Fahey, the attack on its networks was immediately detected and contained, enabling the firm to take the “necessary preventative measures” to ensure no customer or supplier data was compromised. These included pushing through changes that mean Brookson’s services, including its phone lines, will remain inaccessible to external networks for the time being, he added.

“This type of attack is extremely aggressive,” wrote Fahey. “Our technical and security teams have been working through the night and continue to validate our network infrastructure. We have also enlisted the services of a dedicated digital forensic provider to validate our network infrastructure before we re-enable any services.”  

He added: “This incident has been reported to the UK National Cyber Security Centre.”

The post also sought to reassure contractors that provide services to end-clients through Brookson’s umbrella company arm that ensuring their salary payments are paid on time is a top priority for the firm.

“Our objective is to ensure all customers expecting payment on Friday [today] do receive them,” Fahey added. “Hopefully, you can appreciate there is a fine balance between pace and security, and we will do everything in our power to ensure minimal disruption is felt to our customer base and provide regular updates.”

According to Brookson’s most recent set of accounts, filed with Companies House in July 2021, it has more than 15,700 clients on its books, including contractors and freelancers working across a variety of industry verticals.

Read more about umbrella companies

In a follow-up post on Linkedin several hours after his original missive, Fahey said a pick through the company’s infrastructure by its digital forensic partner continued to show that no data had been compromised by the attempted cyber attack. Even so, it remains unclear at this point when its systems will become operational again.

“We are contacting all our recruitment agency partners and have contingency plans in place for payroll services in case the delays are longer than expected,” said Fahey.

News of the attack on Brookson follows news that fellow umbrella company Parasol is in the midst of an ongoing systems outage that has left it unable to pay the contractors it represents for several days now.

As previously reported by Computer Weekly, the root cause of Parasol’s system issues remains unknown, but the firm’s response to the matter has been criticised by some of its contractors for being too slow and lacking in detail.

The Brookson incident also comes several months after another umbrella company, Giant Group, suffered a suspected ransomware attack that also left it unable to process the salary payments of its contractors.

Closing out his second update, Fahey said the firm would, once the incident is resolved, share its learnings from the attack with the rest of the industry, so they can protect themselves from falling victim to something similar.

“We are very touched by the sentiment of our customers and the industry in general in terms of the offerings of support for dealing with this debilitating, malicious attack and we will – of course – share our defence strategy with any future impacted parties once fully resolved,” he added.

Read more on Data breach incident management and recovery