UK umbrella payroll firm Giant Pay confirms it was hit by 'sophisticated' cyber-attack

Tech contractors fume at lack of info as company says it will 'try' to get them paid by Friday


Giant Group, the umbrella company that has thousands of contractors on its books, has been targeted by a "sophisticated" cyber-attack that floored systems and left workers out in the cold, the biz has now confirmed.

The attack happened last Wednesday (September 22) and forced the outfit – known to many as Giant Pay – to shut down its whole network, including its phone and email systems, as well as its IT infrastructure.

It said last night it was still working on a "technical issue that is preventing us from getting the giant umbrella and giant accounts portals back up and running."

The incident blew up last week when contractors, many of whom work in IT, were unable to contact the company or carry out payroll-related tasks.

In a statement issued last night, Giant Group said:

"Giant Group was the victim of a sophisticated cyber-attack on September 22nd. International law firm Crowell & Moring immediately put in place a team of experts in the US, UK and Brussels who have been carrying out necessary steps as part of the ongoing investigation.

"Together, we continue to work with our insurers, the ICO and the NCA on the investigation, alongside a number of other specialist advisers."

Giant Group went on to imply that its reticence to share information was down to the nature of the attack, saying it had shared updates as soon as it was advised that it was "safe to do so."

At this stage it's not known who is behind the onslaught and the company has not responded to questions over whether the attackers used ransomware.

A spokesperson for Britain's National Crime Agency told The Register: "The NCA is aware of an incident affecting Giant Group Ltd and we are working with partners to better understand its impact."

The Reg also asked the UK data privacy watchdog and Crowell & Moring for comment.

According to reports from irate workers, there are still some discrepancies over pay, which the firm says it hopes – but cannot confirm as yet – to resolve by the end of the week.

The company also confirmed that it had made interim payments to more than 8,000 contractors who are paid for work they do with other companies and organisations via the payroll services provider. It is not clear if everyone who is due money has been paid, or if they have received their full amount.

Giant Pay added: "Although we had no portals to operate from, we managed to pay over 8,000 workers last week. We appreciate that not everyone would have received their expected payment and for that we are sincerely sorry. We are aiming to be able to process your payroll and pay you by Friday."

But despite the assurances, it seems contractors are still pulling out their hair over the lack of communication.

One wrote on Monday evening: "This is now really frustrating. Like everyone else, I was waiting to get paid on 24th September [when it had promised to process payments], but I did not receive any communication from them that this won't happen. It was later in the evening on Friday that I saw the message on their website.

"Now this is Monday evening 27th Sept, we still haven't received any form of communications from Giant Pay, neither have they updated us on what exactly is going on."

Acknowledging the problems faced by contractors, Giant Group said it knows "everyone is frustrated about the lack of communication". Further updates will be published on its website. ®

Updated on 29 September to add:

The Freelancer & Contractor Services Association (FCSA) told us: "The FCSA is liaising with FCSA member firm Giant to ensure that the recent IT issues are fully resolved. We are assured that Giant are fully focused on ensuring that every contractor receives the money they are owed and that any disruption due to these IT issues is minimised for both the contractor and agencies involved. Giant is working around the clock to rectify the matter and will update all parties at every stage of the recovery process."
