Brookson is the latest umbrella company to be hit with a “malicious” cyber attack

Brookson is the latest umbrella company to be hit with a “malicious” cyber attack

Umbrella companies are continuing to be targeted by cybercriminals. Last night, one of the UK’s leading umbrella companies, Brookson, was struck by an “aggressive attack”. Thankfully, a company update from CEO Andrew Fahey (shared on Brookson’s business LinkedIn profile) confirmed the systems in place were able to “contain the impact and take the necessary preventative measures to ensure no data was removed”. Keep reading and we’ll summarise the latest events. The latest developments are at the bottom.

What has happened to Brookson?

Leading UK-based umbrella companies have recently been under attack from cybercriminals. Last year, Giant Pay admitted they suffered from a security breach, and earlier this week, Parasol also released a statement confirming they had been attached as well.

Now, Brookson is the latest umbrella to be hit by a cyber-attack. Scroll down for the official company updates from Andrew Fahey, CEO at Brookson Group.

Brookson company updates

In a LinkedIn post by Andrew Fahey, CEO at Brookson Group, he confirmed that Brookson had been subjected to a cyber-attack which has been reported to the UK National Cyber Security Centre. The first statement said:

“As I am sure you aware our industry has experienced several high-profile cyber-attacks over the last few weeks, in many cases disabling businesses for weeks.

Last night the same aggressive attack was applied to the Brookson Group network. Fortunately, our network defences spotted and contained the attack immediately and this allowed us to contain the impact and take the necessary preventative measures to ensure no data was removed.

This type of attack is extremely aggressive so to ensure our customers and supplier data integrity is maintained, we have taken the proactive steps to disable all the Brookson services from accessing external networks.

Our technical and security teams have been working through the night and continue to validate our network infrastructure. We have also enlisted the services of a dedicated digital forensic provider to validate our network infrastructure before we re-enable any services.

We will look to restore all services as quickly as possible focusing on those with time critical dependencies such as our umbrella payroll as a priority.

Our objective is to ensure all customers expecting payment on Friday do receive them. Hopefully you can appreciate there is a fine balance between pace and security, and we will do everything in our power to ensure minimal disruption is felt to our customer base and provide regular updates.

This incident has been reported to the UK National Cyber Security Centre.

Whilst our phone system has been impacted and will remain offline until normal service resumes, our e mail communications remain open as usual

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your support and understanding and we will provide further updates throughout the day.”

“No data has been extracted from the Brookson Group network”

The original statement (above) was shortly followed up by another update from Brookson Group CEO Andrew Fahey, and it read:

“Please find below a status update on the previously communicated cyber-attack to the Brookson Group.

Our digital forensic partners are now well underway combing through the Brookson Group Infrastructure to ensure a safe removal of the cyber-attack is completed as quickly as possible. The output of this activity is the production of a safe road map detailing the reactivation of our infrastructure, and although this is a very slow and methodical process it is vital to ensure the continued protection of our customer and supplier data. No data has been extracted from the Brookson Group network.

As it stands, we do not currently have the detailed timeline and how that translates to operational services, but we will share this as soon as we are in receipt of it.

In addition to this email, we are also ensuring these updates are shared across all the Brookson Group social channels to make it as easy as possible to receive updates for our customers and suppliers.

Just to confirm from my previous update, the Brookson telephony service is an IP hosted system so the disconnection of the Brookson network to the outside world is why our phone lines are not working, emails are protected from this disruption. Our Connect, WorkforceManager and IR35 portals are also disconnected as a result of our precautionary measures.

We are contacting all our recruitment agency partners and have contingency plans in place for payroll services in case the delays are longer than anticipated.

We are very touched by the sentiment of our customers and the industry in general in terms of the offerings of support for dealing with this debilitating, malicious attack and we will of course share our defence strategy with any future impacted parties once fully resolved.

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your support and understanding and we will provide further updates throughout the day.”

Brookson has a “clear plan of action” to return to a “normal state”

Andrew Fahey issued a third update on the Brookson cyber attacks on Friday 14th January, and it said:

“Please find below a status update on the previously communicated cyber-attack to the Brookson Group.

We are now in receipt of the remedial measures from our digital forensic partners, and we have a clear plan of action to return the Brookson infrastructure to its normal state.

Due to the complexity of this activity, it will likely take most of the weekend and may spill into early next week before we have full connectivity for all externally facing systems.

To ensure customer and supplier impact is kept to a minimum we will keep the contingency systems and processes live over the weekend and use e mail as the primary communication method.

As the Brookson group contains multiple brands and services we will now communicate directly with each customer cohort

  • Personal service customer
  • Umbrella Employee
  • Corporate End Hirer
  • UK Recruitment Agency

PSC’s and Umbrella customers will shortly receive a clear set of guidelines via e mail for how we will continue to operate invoice and payroll processes over the weekend and our recruitment and End Hirer partners will receive an update from their account manager to explain ongoing support options.

Although we will not be activating our external facing portals over the weekend, we will continue to service our customers albeit we would like to manage expectations for a slightly slower SLA’s than normal due to the contingency processes being in place.

Umbrella employees who are due to receive funds today, will do so and a text message confirmation will be sent.

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your continued support and understanding and we will provide further updates as progress develops.”

Update posted on Twitter – 17th January 2022 (AM)

The Brookson social media team shared an “important update” on the morning of 17th January. It said:

“All of our customers and suppliers should have received a direct communication explaining how our processes will work through this contingency period. If you have not received this detail please e-mail info@brookson-businessadvisors.co.uk and we will call you back or setup a Microsoft Teams meeting to support you. Thank you for your continued support and patience.”

Further update from Brookson – Wednesday 19th January

On Wednesday 19th January, the Brookson social media team posted the following:

“All of our customers and suppliers will now have received a second direct communication explaining how our processes will continue to work through this contingency period. If you have not received this follow up communication, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you.  Thank you for your continued support and patience.”

Another shocking attack

We wish Brookson, its staff and all umbrella employees the very best in this challenging situation. Brookson has a long and well-deserved history as a leading umbrella provider. It appears they have the very best people working to resolve the problem as soon as possible.

Hopefully, this awful situation will be resolved quickly without any lasting damage being caused. And, we sincerely hope the criminals behind his are identified and brought to justice.

If you work at Brookson or use them for your umbrella company payroll (as an employee), please comment below with any updates that you think will benefit our readers.

Top 10 umbrella companies

We have put together a list of our top 10 umbrella companies and we recommend you take a look. Every top 10 umbrella is accredited by either the Freelancer and Contractor Services Association (FCSA) or Professional Passport, and some have special offers at the moment.

The Complete Umbrella Company Guide - Download Now

Click here to see our top 10 umbrella companies!

3 thoughts on “Brookson is the latest umbrella company to be hit with a “malicious” cyber attack”

  1. Will it ever end!? Any company can be subjected to a cyber attack. I wonder why brollies are being targeted. Glad I’m a permie now. Bloody good luck to all those being impacted

  2. Their reputation is taking a big hit. Right now people are unpaid, and they can’t even talk to anyone because the phones are also affected. Brookson will lose business over this.

  3. The HMRC has forced me and others to go to Umbrella companies under its !R35 strategy. If I was still working under my own Limited company I would not be affected.
    First we get screwed to pay high tax and NI and now we are not even getting paid.
    Thank you HMRC.

Leave a Comment

Your email address will not be published.

Scroll to Top