
Cyber Incident Victim: SJD Accountancy

Date: Jan 2022

Location: United Kingdom

Summary

SJD Accountancy and affiliated accounting firms Nixon Williams and Parasol Group experienced a cyber security incident that caused significant system disruption and service outages. The attackers targeted the shared parent company infrastructure; external IT security specialists were brought in and customers were notified by email. Prolonged downtime led to public frustration, and security experts characterized the event as consistent with typical ransomware attacks affecting small and medium enterprises.


Description

SJD Accountancy and Nixon Williams, two UK-based accounting firms specializing in contractor services, experienced a cyber security incident in mid-January 2022, as confirmed in customer communications and public statements. Both firms, along with umbrella company Parasol, operate under the same corporate parent Optionis, sharing CEO Doug Crawford across all entities. The incident caused significant disruption to key operational systems, though specific technical details regarding the attack vector or compromised infrastructure were not disclosed publicly. External IT security specialists were engaged to investigate and manage the incident, indicating a coordinated response across the affected organizations. Parasol Group, the overarching entity, separately acknowledged a cyber attack as the root cause of its network outage during the same timeframe, suggesting potential infrastructure or supply chain linkages between the subsidiaries. Customer-facing services were impaired, with the firms issuing near-identical email notifications describing a generic "cyber security incident" without confirming data compromise or specifying recovery timelines. The lack of detailed public attribution or explicit ransomware claims contrasted with subsequent expert analysis of the event’s characteristics.


Customer frustration emerged on social media platforms, particularly Twitter, where users reported prolonged service disruptions affecting payroll, compliance documentation, and client support channels. Security industry observers noted parallels between the incident’s impact pattern—including multi-day system outages, third-party forensic involvement, and coordinated subsidiary disclosures—and common ransomware attack outcomes among small-to-medium enterprises. No explicit ransom demands or data exfiltration claims were referenced in available communications, leaving the precise nature of attacker objectives unconfirmed. The operational overlap between the targeted firms, evidenced by shared leadership and parent company resources, raised questions about centralized infrastructure vulnerabilities, though no technical evidence was provided to substantiate this. Service restoration timelines remained unclear in public statements, with priority given to forensic investigation and system integrity verification. The incident highlighted sector-specific risks for contractor-focused financial service providers managing sensitive payroll and tax data, though no regulatory penalties or data breach notifications were confirmed in the immediate aftermath.
