Updated 18:33: giant group acknowledges “sophisticated cyber-attack”
IT contractors, HGV drivers and other workers have been left sweating after PAYE umbrella companies giant group and Unified Payroll suffered cybersecurity incidents that pulled finance systems offline — resulting in missed payments to what is believed to be tens of thousands of workers around the country in recent weeks.
At giant group, contractors chasing missing payments couldn’t even put in a call to chase payment dates: “Our phone system is integrated in our network and IT infrastructure. We had to close the whole network and therefore our phone system was inaccessible”, the company admitted in an online Q&A on its homepage.
“We are liaising with Giant to ensure we can address this issue at speed, and while Giant has been the victim of a criminal ransomware cyber-attack, I am reassured that their only priority is to ensure that contractors receive the money they are owed,” Phil Pluck, chief executive of the Freelancer & Contractor Services Association (FCS) told Simon Moore of Contractor UK.
One frustrated unpaid contractor told The Stack: “Their employee portal where you submit your timesheets, access your payslips and which has all of your personal data went down on Monday 20th, they took their phones down soon after and email too — no explanation from them until 24th Friday…”
Writing on the Offpayroll.org.uk LinkedIn account, another technical contractor wrote: “No pay for over a month, text received on 21st Sept saying your pay will be in bank by 22nd, nothing arrived. No communication or indication of when I will be paid. My agency has also been chasing as they sent the money through in the first week of September. Coming up to month-end so there will be financial implications for me.”
UPDATED 18:37 September 27: The company said in an emailed comment late Monday: “We can confirm that Giant Group was the victim of a sophisticated cyber-attack on September 22nd.
“International law firm Crowell & Moring immediately put in place a team of experts in the US, UK and Brussels who have been carrying out necessary steps as part of the ongoing investigation. Together, we continue to work with our insurers, the ICO and the NCA on the investigation, alongside a number of other specialist advisers and have been sharing updates as soon as we are advised that it is safe to do so.
“We can confirm that giant screening was unaffected and the giant finance+ and giant precision portals are now up and running. Although we had no portals to operate from, we managed to pay over 8,000 workers last week. We appreciate that not everyone would have received their expected payment and for that we are sincerely sorry. We are aiming to be able to process your payroll and pay you by Friday.
“…We are currently working on a technical issue that is preventing us from getting the giant umbrella and giant accounts portals back up and running. We are doing everything we can to resolve this…“
giant group runs payroll for tens of thousands of contractors at over 1,400 agencies according to the LinkedIn footprint of its staff and had turnover of £218 million in 2020. A “workforce management” specialist it provides umbrella services for companies hiring contractors under IR35 — a piece of UK tax legislation designed to prevent employers from engaging long-term workers as self-employed contractors.
giant group, which names clients like banks Société Générale and BNP Paribas, Suffolk and Derby County Councils, the UK’s biggest gas distribution network Cadent, and others, earlier said systems should be back online “this morning” (September 27) but missed that deadline. The incident bears the hallmarks (i.e. a much-delayed recovery) of a ransomware attack, but The Stack could not independently confirm this speculation.
Contractors say after missed payments last week they failed to reach the company by email or phone.
One IT worker said on September 23: “I managed to contact a Giant payroll employee over LinkedIn who assures me it’s a server breakdown issue over the last 2 days which also affected payroll.
“He seems confident it will be back up tomorrow (Fri).” (This did not happen.)
The company initially disclosed the breach on September 24, but contractors say they were left with overdue pay and no updates for days after giant group failed to proactively notify those affected.
In giant group’s September 24 update, it said that “upon detection of suspicious activity on our network on 22nd September 2021, we immediately assembled a response team including IT data experts and specialist lawyers, and we are currently working with the highest priority to resolve this issue.
“As part of the investigation and as a measure of caution, we have proactively taken our systems offline and suspended all services temporarily. We are also liaising with the appropriate authorities to investigate and remediate the situation. We can confirm that our databases are encrypted.”
In a series of updates distinctly thin on detail (although the incident smacks of a ransomware attack), giant group did not say if any personal data had been exposed or if it had contacted the ICO.
“We were on track to get all our systems back this morning, we have been working through the night and we anticipate we will have our giant finance+ and giant precision portals back online this morning,” the giant group said on September 27. “We are still working hard to get the giant umbrella portal fully operational.”
Have you been affected? Get in touch.
Another umbrella company, Unified Payroll says it has also been hit. The company said: “We experienced some severe issues with our payroll system on the 16th and 17th September which has resulted in a security issue with our bank account. We have been unable to remit any payments to any workers for these payrolls.
“Our directors are working very closely with our bankers to reach a quick resolution. In these situations, very little information is often shared. We do apologise for this unprecedented and very unfortunate situation; we are hoping this is resolved in a very timely manner and we will immediately pay all workers due payment.
“We will continue to email affected workers with an update.
“We apologise for this inconvenient and we thank you for your patience at this frustrating time.”