Cyber Incident Victim: Brookson Group
Date: Jan 2022
Location: United Kingdom
Summary
The Brookson Group experienced an aggressive cyber attack that was promptly detected and contained, preventing unauthorized data removal. Services were proactively disabled from external networks to safeguard customer and supplier data integrity while technical teams and external forensic experts validated the infrastructure. Restoration prioritized time-critical functions like payroll to minimize disruption, with ongoing communication via email despite phone system outages. The incident was reported to the UK National Cyber Security Centre, and updates were provided to stakeholders throughout the response.
Description
On or around January 13, 2022, the Brookson Group experienced an aggressive cyberattack targeting its network infrastructure. The attack was detected and contained by the company’s network defenses during the incident, preventing unauthorized data exfiltration according to CEO Andrew Fahey’s public statement. This containment occurred despite the attack’s severity, which mirrored recent high-profile incidents disabling other businesses for weeks. Immediate response actions included proactively disconnecting all Brookson services from external networks to preserve customer and supplier data integrity. Technical and security teams worked overnight to validate network infrastructure, supplemented by engagement with a dedicated digital forensics provider to conduct additional assessments prior to service restoration. The company prioritized restoring time-critical systems first, specifically focusing on umbrella payroll services to ensure scheduled Friday payments to customers. Communication channels were impacted, with phone systems remaining offline until normal operations resumed, though email via [email protected] remained functional for urgent correspondence.

The incident was reported to the UK National Cyber Security Centre (NCSC) as part of Brookson’s coordinated response. Service restoration efforts balanced speed with security validation to minimize customer disruption, with Fahey committing to regular updates throughout the recovery process. Operational impacts included temporary loss of external network access across Brookson’s services and sustained phone system downtime. While the CEO asserted no data was removed during the attack, a conflicting customer comment referenced a malware-laden email received the prior week, suggesting potential data compromise. Brookson did not publicly address this discrepancy in the available source material. The company’s transparency in acknowledging the attack and providing mitigation updates received positive feedback from multiple clients, who cited trust-building through crisis communication. No additional technical specifics regarding attack vectors, threat actors, or forensic findings were disclosed in the primary source.
