UK umbrella company Giant Group, a business used by thousands of contractors, has revealed its systems were targeted with a “sophisticated” cyberattack.

The recent attack forced the firm (known by many under the name of Giant Pay) to entirely shut down its network. This included both its email and phone systems, along with its dedicated IT infrastructure.

Disruptive attack on key systems

The Giant Group first commented that it was working on fixing a technical problem that was preventing it from being able to get its accounts portals in operation again.

The incident caused chaos and anger from IT contractors who were not able to get in touch with the group or conduct tasks related to payroll.

The Giant Group recently issued a statement explaining the incident:

“Giant Group was the victim of a sophisticated cyber-attack on September 22nd. International law firm Crowell & Moring immediately put in place a team of experts in the US, UK and Brussels who have been carrying out necessary steps as part of the ongoing investigation. Together, we continue to work with our insurers, the ICO and the NCA on the investigation, alongside a number of other specialist advisers.”

The company went on to state that it was hesitant in revealing details due to the type of attack it had suffered. However, it added that it had shared news updates on the incident as quickly as possible once it had informed by experts that it was safe to release information.

At present, the threat operators behind the attack are unknown and the Giant Group has not disclosed if the incident involved ransomware techniques.

A spokesperson commenting for the UK’s National Crime Agency (NCA) said:

“The NCA is aware of an incident affecting Giant Group Ltd and we are working with partners to better understand its impact.”

Impact of a cyber strike

According to recent reports from frustrated workers, there have been many discrepancies regarding payments, which the group says it hopes it will be able to resolve quickly.

It was also stated that Giant Group had issued interim payments for over 8,000 contractors paid for work they perform with other organisations and companies through its payroll services. However, it is unclear if all these contractors have been paid now, or if the payments received were the full expected amount.

Frustrated contractors made numerous complaints regarding the lack of payments and their inability to get a clear answer from Giant Pay regarding when the matter would be resolved.

Acknowledging the issued faced by the contractors using Giant Pay, the Group stated that it understood the situation, adding:

“Everyone is frustrated about the lack of communication”.

It stated that it would be providing updates on the incident via status messages on its website, and this would happen as and when information was available and approved to be shared.

Companies that supply key services to other enterprises such as payroll make ideal targets for cybercriminals. When sites, portals and services are struck, such firms suffer maximum disruption.