Cyber Incident Victim: Giant Pay
Date:
Sep 2021
Location:
United Kingdom
Summary
A UK payroll services provider experienced a sophisticated cyberattack that disrupted its entire network, forcing system shutdowns including phone, email, and payroll portals. The incident prevented contractors from accessing services or receiving timely payments, with unresolved discrepancies reported despite interim payments issued to over 8,000 affected workers. The company engaged international legal experts and coordinated with law enforcement agencies and regulators during the investigation, citing security concerns for delayed communications. Ongoing recovery efforts focused on restoring operations and resolving outstanding payment issues while facing contractor frustrations over limited updates.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On September 22, 2021, UK-based payroll services provider Giant Group, widely known as Giant Pay, suffered a sophisticated cyberattack that forced the immediate shutdown of its entire network. The company disabled all IT infrastructure, including phone and email systems, along with its contractor-facing portals for Giant Umbrella and Giant Accounts. The incident prevented thousands of contractors from accessing payroll services or contacting the company, with disruptions first becoming apparent when workers could not perform routine payroll tasks. Giant Group confirmed the attack six days later on September 28, disclosing that international law firm Crowell & Moring had mobilized cybersecurity experts from the US, UK, and Brussels to lead the investigation. The company coordinated with Britain’s National Crime Agency (NCA), the Information Commissioner’s Office (ICO), insurers, and other specialist advisors, though it did not identify the attackers or confirm whether ransomware was deployed. Giant Group attributed its delayed public communication to safety concerns tied to the attack’s sophistication, stating it shared updates only when advised it was secure to do so.
The attack caused widespread payment delays affecting contractors expecting wages on September 24, with many reporting no prior notification about disruptions. Giant Group issued interim payments to over 8,000 contractors but could not guarantee all affected individuals received full or timely compensation, acknowledging unresolved discrepancies. Contractors expressed frustration over the lack of communication, citing reliance on sporadic website updates after failed payment dates. The Freelancer & Contractor Services Association (FCSA) confirmed it was liaising with Giant to ensure resolution, noting the company’s around-the-clock efforts to rectify payments and minimize operational impacts. As of September 28–29, Giant’s systems remained offline with no confirmed restoration timeline, while the NCA continued assessing the incident’s scope alongside partner agencies.