Skip links

Vice Society said to be behind digital break-in at UK umbrella and accounting group

Optionis, the group that includes umbrella and accountancy companies providing services to tech contractors, has confirmed that following last month’s digital break-in customer data is being leaked online.

As we revealed mid-January, Parasol Group, which provides payroll services to freelancers, shut down its IT systems for an extended period to deal with a serious attack, thought by some to be ransomware. Parent Optionis Group later said that divisions SJD Accountancy and Nixon Williams were also hit.

In an email seen by us, Doug Crawford, CEO at Optionis, today thanked contractors for their “patience over the past few weeks.” “The incident has now been contained and we have notified the police and relevant authorities,” he continued.

“Our security team has now detected that some data belonging to Optionis was copied from our system and we believe some of that has been leaked online,” he added.

The company claimed to have upwards of 13,000 contractors on its books as of last October.

Crawford confirmed that the group has yet to determine the “precise nature of this information.”

“We felt that it was important to let you know about this development and we can assure you that we will inform you as a matter of urgency should we uncover that personal data which is likely to result in a high risk to you has been leaked.”

So what is Optinois doing for contractors as it continues to investigate the security incident? It is partnering with Experian, which has set up a dedicated helpline to field any questions from concerned freelancers.

This is the same credit reference agency that in 2020 sent the details of 24 million South Africans to one individual who purported to be a client.

According to infosec experts, Vice Society – the same gang that snared retail chain Spar last year – is behind the attack on Optionis. The gang’s leak site includes thousands of documents including spreadsheets, database files, and folders that it claims were taken from Optionis.

Brett Callow, a threat researcher at Emsisoft, told The Register: “Vice Society emerged in the middle of last year and has been observed to deploy multiple ransomware families, including HelloKitty and Zeppelin. They do, however, appear to have some form of connection with the threat group behind HelloKitty, FiveHands and DeathRansom but the nature of the relationship isn’t clear.” ®