Cyber Incident Victim: Nixon Williams
Date: Jan 2022
Location: United Kingdom
Summary
Nixon Williams and its sister accounting firms under the same parent company experienced a cybersecurity incident causing significant system disruptions and service outages. The firms notified customers of the attack, engaged external security specialists, and faced public frustration over prolonged downtime, with experts suggesting the pattern aligns with typical ransomware targeting small and medium enterprises.
Description
SJD Accountancy and Nixon Williams, two UK-based accountancy firms specializing in contractor services, experienced a cybersecurity incident in mid-January 2022. Both firms, operating under the same corporate parent as umbrella company Parasol, shared executive leadership through CEO Doug Crawford, who also headed overall parent company Optionis. The organizations disclosed the incident to customers via email communications, acknowledging disruptions to key operational systems. External IT security specialists were engaged to investigate and respond to the breach, though specific technical details about attack vectors or compromised infrastructure were not publicly disclosed. SJD Accountancy characterized the event as a "cyber security incident" affecting service delivery, while Nixon Williams issued a nearly identical notification to its client base. The coordinated nature of these disclosures suggested a shared technological environment or concurrent attacks across the affiliated businesses.

Service disruptions extended beyond the two accountancy firms to include Parasol Group, their corporate sibling, which separately confirmed a cyberattack caused its network outage. Customers across the affected companies reported prolonged inability to access critical financial and payroll services, leading to public complaints on social media platforms like Twitter. Security industry observers noted the incident pattern aligned with common ransomware attack experiences among small and medium enterprises, though no threat actor claimed responsibility or specified ransom demands in available communications. The parent organization's decision to bring in external cybersecurity experts indicated recognition of technical complexity exceeding internal response capabilities. Operational impacts persisted for multiple days based on customer reports, though full restoration timelines weren't formally detailed in initial disclosures. No conclusive evidence regarding data exfiltration or financial losses was confirmed in the immediate aftermath.
