Optionis Group denies responsibility for data breaches that led to the sharing of personal information with tens of thousands of artists on the dark network earlier this year, according to an expired email seen by Computer Weekly.
The group, which owns the umbrella company Parasol and several accounting firms targeting contractors, is the subject of a group action seeking compensation for contractors whose personal data have been compromised by the breach that came to light in February 2022.
The action is being monitored by London-based law firm Keller Lenkner and was launched shortly after it turned out that the Optionis Group had suffered a data breach in an alleged ransomware attack on its systems five weeks earlier.
As reported by Computer Weekly in February 2022, the data breach led to a significant dump of personal information in the dark network belonging to contractors who were either hired by or relied on Optionis umbrella companies. accounting firms.
Despite Optionis’ assurances that it will promptly notify all contractors whose personal information has been compromised as a result of the breach, Computer Weekly spoke to several IT contractors in February 2022 who decided to gain access to the landfill themselves in search of their own. own data after being disappointed at the time Optionis had to do so.
In the following months, the Keller Lenkner Group continued its activities, with the law firm issuing a statement in April 2022 confirming that the infringement investigation had shown that there were grounds to accuse the company of “manifest infringement” by the United Kingdom. Data Protection Regulation (GDPR).
The statement also said that the victims of the infringement had a “solid and winning case”, which prompted Keller Lenkner to issue a notice of potential action against Optionis.
However, Optionis does not seem to agree, based on an email – seen by Computer Weekly – sent in recent days by Keller Lenkner to artists participating in the group action.
“In our last update, we advised … we had written to Optionis to seek more information about the cyberattack and to request copies of the various documents, such as copies of any reports of the causes of the cyberattack, which will help us determine the next steps. “The email says.
“We have now received a response from Pinsent Mason’s lawyers working for Optionis; they have denied any liability for the payment of compensation and have refused to provide the requested documents. “
As a result, Keller Lenkner’s email confirmed that the law firm is now preparing a “letter of claim” to which Optionis will have 21 days to respond formally. “Once we receive their response, if they support the refusal, then we will have to prepare to file a lawsuit,” it said.
Given Optionis’ 21-day response time, the email ended with an indication that the law firm expects to be able to update participants in class actions by mid-June 2022.
In a statement to Computer Weekly, Keller Lenkner confirmed the contents of the email, saying the Optionis Group’s legal team had issued a “firm disclaimer of responsibility for the cyber attack and subsequent data breaches.”
It adds: “We are preparing a ‘claim’ on behalf of those affected by the data breach and if the claim is not resolved, we will make a full submission to the court. On behalf of our clients, we maintain that exposing their data, both personal and sensitive, has caused significant problems and suffering. “
Computer Weekly contacted the Optionis Group to respond to Keller Lenkner’s allegations that it refused to provide documents about the cyber attack and denied responsibility for the incident.
The company said in a statement to Computer Weekly: “Since the cybersecurity incident we suffered earlier this year, our main business priority has been to investigate the exact nature of the information that was copied from our systems during the attack.
“We have allocated significant resources to this process and currently have a significant team that reviews the data affected, which will allow us to identify where there is a high risk for each person.
“It was a long and complicated process; however, it remains our absolute priority to identify the impact on personal data and to communicate with those affected. We would like to thank our partners, customers and employees for their patience as we continue to respond to this incident. “