English

Top Supplier With Certifications

View All Products

Ten Thousand Yuan Annual Production Capacity

View All Products

Enabling Businesses To Trade With Confidence

View All Products

Parasol data breach: Leaked email claims Optionis is denying responsibility for incident

2022-05-14 18:29:02 By : Ms. Joyce Lee

Bacho Foto - stock.adobe.com

Optionis Group is denying responsibility for a data breach that led to tens of thousands of contractors having their personal information shared on the dark web earlier this year, a leaked email seen by Computer Weekly suggests.

The group, which owns the Parasol umbrella company and several contractor-focused accountancy firms, is the subject of a group action that is seeking compensation for contractors whose personal data was compromised by the breach, which came to light in February 2022. 

The action is being overseen by London-based law firm Keller Lenkner, and was launched soon after it emerged that Optionis Group had suffered a data breach linked to a suspected ransomware attack on its systems five weeks before.  

As reported by Computer Weekly in February 2022, the data breach resulted in a sizeable dump of personal information emerging on the dark web, belonging to contractors who were either employed by Optionis’s umbrella companies or relied on its accountancy firms.

Despite assurances from Optionis that it would notify any contractors whose personal information had been compromised as a result of the breach in a timely manner, Computer Weekly spoke to several IT contractors in February 2022 who had decided to access the data dump themselves to search for their own data after growing frustrated at the time it was taking Optionis to do it. 

During the intervening months, the Keller Lenkner group action has rumbled on, with the law firm issuing a statement in April 2022 confirming that its investigation into the breach showed it had grounds to accuse the company of being in “flagrant breach” of the UK General Data Protection Regulation (GDPR).

The statement also said victims of the breach had a “solid and winnable case”, prompting Keller Lenkner to issue a notice of potential claim against Optionis.

However, it appears that Optionis disagrees, based on an email – seen by Computer Weekly – sent in recent days by Keller Lenkner to contractors participating in its group action.

“In our last update, we advised… we had written to Optionis to seek more information about the cyber attack and to ask for copies of the various documents, such as copies of any reports produced about the cause of the cyber attack which will assist us in determining the next steps of the claim,” said the email.

“We have now received a response from solicitors Pinsent Mason, who are working for Optionis; they have denied any liability to pay any compensation and refused to provide the requested documents.”

As a result, the Keller Lenkner email confirmed that the law firm is now preparing a “letter of claim”, to which Optionis will have 21 days to formally respond. “Once we have their response, if they maintain a denial, then we will have to prepare to issue the claim at court,” it said.

Given the 21-day timeframe for a response from Optionis, the email concluded by stating that the law firm expects to be in a position to update the group claim participants in mid-to-late June 2022.

In a statement to Computer Weekly, Keller Lenkner verified the content of the email, and said Optionis Group’s legal team has issued a “strong blanket denial of responsibility for the cyber attack and subsequent data breach”.

It added: “We are preparing a ‘letter of claim’ on behalf of those affected by the data breach and if the claim is not resolved, we will make a full submission to the court. On behalf of our clients, we maintain that the exposure of their data, both personal and sensitive, has caused significant issues and distress.”

Computer Weekly contacted Optionis Group for a response to Keller Lenkner’s claims that it was refusing to hand over documents about the cyber attack and was denying responsibility for the incident. 

The company said in a statement to Computer Weekly: “Since the cyber security incident we suffered earlier in the year, our top priority as a business has been investigating the precise nature of the information that was copied from our systems during the attack.

“We have committed considerable resources to this process and there is currently a substantial team conducting a review of the impacted data that will allow us to identify where there is a high risk to any individual.

“This has been a long and complicated process; however, it remains our absolute priority to establish the impact on personal data and to communicate with those affected. We would like to thank our partners, clients and employees for their patience as we continue to respond to this incident.” 

The proposed Federal Digital Platform Commission would oversee tech giants and could impose penalties and conduct investigations ...

Tech companies could start feeling pressure from consumers to limit data collection should Roe v. Wade be overturned.

Modzy and Snowplow are among the early-stage companies aiming to move AI from science project to enterprise asset. Success will ...

Secureworks researchers said a new Iranian state-sponsored threat group is melding government and financial interests by ...

Applying security-by-design principles to the cloud may not seem straightforward, but there are several ways to do so. These ...

Ransomware decryption tools are increasingly common today, thanks to cybersecurity vendors and law enforcement agencies working ...

Intel will release three generations of 200 GB, 400 GB and 800 GB infrastructure processing units over the next four years. The ...

SDN, zero trust and infrastructure as code are popular forms of network virtualization within the data center, moving away from ...

Starting with MPLS VPNs and SD-WAN, new carrier network virtualization options, like 5G network slicing, are becoming virtual ...

5G networking requires organizations and data centers to support IoT, while 4G requires increased machinery. Learn more about the...

IBM revised its quantum computing roadmap with a 4,000-qubit system by 2025 and unveiled its Modular Quantum Computing initiative...

Discover the different classifications of liquid cooling -- such as direct-to-chip, liquid immersion or rear-door heat exchangers...

The tech giant is growing its cloud database portfolio with a new service that add analytics query acceleration to and boosts ...

A data quality strategy can improve an organization's ability to generate value from data, but determining quality depends on the...

The TiDB Cloud provides a fully managed deployment of the open source TiDB database, which provides both analytical and ...

All Rights Reserved, Copyright 2000 - 2022, TechTarget Privacy Policy Cookie Preferences Do Not Sell My Personal Info

Featured Products

News & Blog