The emergence on the dark web of passports, payslips and other personal documents belonging to contractors affected by the cyber attack and subsequent data breach at Parasol is prompting group actions and forcing some IT contractors to find out for themselves if their data has been compromised
IT contractors are taking it upon themselves to investigate whether their personal data has been compromised in the Parasol umbrella company data breach, after growing frustrated at the time it is taking for the payroll processing company to provide updates on the situation. Computer Weekly has spoken to a handful of system administrators and IT security contractors, employed through Parasol, who have spent the past few days downloading hundreds of gigabytes of data and thousands of files from the dark web that are known to belong to the company and its subsidiaries. At the same time, a group action is being prepared by London-based law firm Keller Lenkner to seek compensation for contractors caught up in the breach, with its own data suggesting that some of the leaked data could date back more than 10 years. "Going on what we've seen, there is data there that goes back as far as 2011 and 2009, so anyone who has used Parasol in the last 10 years – at least – could have some data on that [leaked] database," Kingsley Hayes, head of data breach at Keller Lenkner, told Computer Weekly. The leaked files are being hosted on a dark web page run by known ransomware gang Vice Society, and are listed as belonging to Parasol's parent company, Optionis Group, whose operations also include several accountancy firms that specialise in providing services to limited company contractors. These accountancy firms include Clearsky Business, Clearsky Contractor Accounting, SJD Accountancy, Nixon Williams, First Freelance and Optionis Accountancy. The Optionis Group suffered a suspected ransomware attack in the second week of January 2022 that prompted it to proactive disable and remove its customer-facing systems from the web in the following days, and led to widespread disruption to the payday cycles of thousands of contractors across the UK. Having previously assured contractors via email, on Friday 14 January, that its "investigations currently indicate" that no personal…