Brookson is the latest umbrella company to be hit with a “malicious” cyber attack

Brookson is the latest umbrella company to be hit with a “malicious” cyber attack

Umbrella companies are continuing to be targeted by cybercriminals. Last night, one of the UK’s leading umbrella companies, Brookson, was struck by an “aggressive attack”. Thankfully, a company update from CEO Andrew Fahey (shared on Brookson’s business LinkedIn profile) confirmed the systems in place were able to “contain the impact and take the necessary preventative measures to ensure no data was removed”. Keep reading and we’ll summarise the latest events. The latest developments are at the bottom.

What has happened to Brookson?

Leading UK-based umbrella companies have recently been under attack from cybercriminals. Last year, Giant Pay admitted they suffered from a security breach, and earlier this week, Parasol also released a statement confirming they had been attached as well.

Now, Brookson is the latest umbrella to be hit by a cyber-attack. Scroll down for the official company updates from Andrew Fahey, CEO at Brookson Group.

Brookson company updates

In a LinkedIn post by Andrew Fahey, CEO at Brookson Group, he confirmed that Brookson had been subjected to a cyber-attack which has been reported to the UK National Cyber Security Centre. The first statement said:

“As I am sure you aware our industry has experienced several high-profile cyber-attacks over the last few weeks, in many cases disabling businesses for weeks.

Last night the same aggressive attack was applied to the Brookson Group network. Fortunately, our network defences spotted and contained the attack immediately and this allowed us to contain the impact and take the necessary preventative measures to ensure no data was removed.

This type of attack is extremely aggressive so to ensure our customers and supplier data integrity is maintained, we have taken the proactive steps to disable all the Brookson services from accessing external networks.

Our technical and security teams have been working through the night and continue to validate our network infrastructure. We have also enlisted the services of a dedicated digital forensic provider to validate our network infrastructure before we re-enable any services.

We will look to restore all services as quickly as possible focusing on those with time critical dependencies such as our umbrella payroll as a priority.

Our objective is to ensure all customers expecting payment on Friday do receive them. Hopefully you can appreciate there is a fine balance between pace and security, and we will do everything in our power to ensure minimal disruption is felt to our customer base and provide regular updates.

This incident has been reported to the UK National Cyber Security Centre.

Whilst our phone system has been impacted and will remain offline until normal service resumes, our e mail communications remain open as usual

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your support and understanding and we will provide further updates throughout the day.”

“No data has been extracted from the Brookson Group network”

The original statement (above) was shortly followed up by another update from Brookson Group CEO Andrew Fahey, and it read:

“Please find below a status update on the previously communicated cyber-attack to the Brookson Group.

Our digital forensic partners are now well underway combing through the Brookson Group Infrastructure to ensure a safe removal of the cyber-attack is completed as quickly as possible. The output of this activity is the production of a safe road map detailing the reactivation of our infrastructure, and although this is a very slow and methodical process it is vital to ensure the continued protection of our customer and supplier data. No data has been extracted from the Brookson Group network.

As it stands, we do not currently have the detailed timeline and how that translates to operational services, but we will share this as soon as we are in receipt of it.

In addition to this email, we are also ensuring these updates are shared across all the Brookson Group social channels to make it as easy as possible to receive updates for our customers and suppliers.

Just to confirm from my previous update, the Brookson telephony service is an IP hosted system so the disconnection of the Brookson network to the outside world is why our phone lines are not working, emails are protected from this disruption. Our Connect, WorkforceManager and IR35 portals are also disconnected as a result of our precautionary measures.

We are contacting all our recruitment agency partners and have contingency plans in place for payroll services in case the delays are longer than anticipated.

We are very touched by the sentiment of our customers and the industry in general in terms of the offerings of support for dealing with this debilitating, malicious attack and we will of course share our defence strategy with any future impacted parties once fully resolved.

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your support and understanding and we will provide further updates throughout the day.”

Brookson has a “clear plan of action” to return to a “normal state”

Andrew Fahey issued a third update on the Brookson cyber attacks on Friday 14th January, and it said:

“Please find below a status update on the previously communicated cyber-attack to the Brookson Group.

We are now in receipt of the remedial measures from our digital forensic partners, and we have a clear plan of action to return the Brookson infrastructure to its normal state.

Due to the complexity of this activity, it will likely take most of the weekend and may spill into early next week before we have full connectivity for all externally facing systems.

To ensure customer and supplier impact is kept to a minimum we will keep the contingency systems and processes live over the weekend and use e mail as the primary communication method.

As the Brookson group contains multiple brands and services we will now communicate directly with each customer cohort

  • Personal service customer
  • Umbrella Employee
  • Corporate End Hirer
  • UK Recruitment Agency

PSC’s and Umbrella customers will shortly receive a clear set of guidelines via e mail for how we will continue to operate invoice and payroll processes over the weekend and our recruitment and End Hirer partners will receive an update from their account manager to explain ongoing support options.

Although we will not be activating our external facing portals over the weekend, we will continue to service our customers albeit we would like to manage expectations for a slightly slower SLA’s than normal due to the contingency processes being in place.

Umbrella employees who are due to receive funds today, will do so and a text message confirmation will be sent.

Please use info@brookson-businessadvisors.co.uk for any urgent correspondence.

We thank you for your continued support and understanding and we will provide further updates as progress develops.”

Update posted on Twitter – 17th January 2022 (AM)

The Brookson social media team shared an “important update” on the morning of 17th January. It said:

“All of our customers and suppliers should have received a direct communication explaining how our processes will work through this contingency period. If you have not received this detail please e-mail info@brookson-businessadvisors.co.uk and we will call you back or setup a Microsoft Teams meeting to support you. Thank you for your continued support and patience.”

Further update from Brookson – Wednesday 19th January 2022

On Wednesday 19th January, the Brookson social media team posted the following:

“All of our customers and suppliers will now have received a second direct communication explaining how our processes will continue to work through this contingency period. If you have not received this follow up communication, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you.  Thank you for your continued support and patience.”

A further message from Brookson – Monday 24th January 2022

Brookson released a new update on Monday 24th of January, which reminded clients they should have received a third message explaining how the “contingency period” would continue to run. The message said:

“All of our customers and suppliers will now have received a third direct communication explaining how our processes will continue to work through this contingency period. If you have not received our third communication, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you. Thank you for your continued support and patience.”

A new update to limited company clients was posted on Wednesday 2nd February 2022

In a social media post, Brookson released a statement on Wednesday 2nd February aimed at its limited company clients. The message said:

“All of our Limited Company customers will now have received a fourth direct communication explaining how our remediation plan is progressing during this contingency period. If you have not received our fourth communication, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you.

Thank you for your continued support and patience.”

“Great news” is shared by Brookson on the 8th of February

A positive update was posted on the Brookson One website on the 8th of February, and it appears things are beginning to return to normal. The statement said:

“Great news! Our Limited Company customers will now have received our Connect email. If you have not received this, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you. Thank you for your continued support and patience.”

More “great news” – this time for Brookson’s umbrella employees (week commencing 14th February)

Brookson released a social media post with “great news” for its umbrella company employees. The post said:

“Great news! Our Umbrella customers will now have received our latest Connect email with further information on payslips, payment reconciliation and more! If you have not received this, please email info@brookson-businessadvisors.co.uk and we will call you back or set up a Microsoft Teams meeting to support you. Thank you for your continued support and patience.”

Positive news regarding Brookson on Monday 21st February

A social media post by Brookson One on Monday 21st February suggested everything has returned to normal after the disruption caused by January’s cyber-attack. The post said:

“All websites, customer portals and phonelines are open, we hope everyone stays safe from the current storms.”

Another shocking attack

We wish Brookson, its staff and all umbrella employees the very best in this challenging situation. Brookson has a long and well-deserved history as a leading umbrella provider. It appears they have the very best people working to resolve the problem as soon as possible.

Hopefully, this awful situation will be resolved quickly without any lasting damage being caused. And, we sincerely hope the criminals behind his are identified and brought to justice.

If you work at Brookson or use them for your umbrella company payroll (as an employee), please comment below with any updates that you think will benefit our readers.

Top 10 umbrella companies

We have put together a list of our top 10 umbrella companies and we recommend you take a look. Every top 10 umbrella is accredited by either the Freelancer and Contractor Services Association (FCSA) or Professional Passport, and some have special offers at the moment.

The Complete Umbrella Company Guide - Download Now

Click here to see our top 10 umbrella companies!

Scroll to Top