Reply to: Giant Umbrella

I've sent you a mail eek. I am arranging a podcast with Phil Pluck at some point. Can either introduce you directly to his for a chat or send me a list of questions.

Well if Giant's data centre was ram-raided and they stole all the hard disks this might actually make a difference.

Unfortunately there is much misunderstanding about data encryption - in the main, the methods used by most firms don't do anything to help protect your data, apart from mark an auditors tick-box.

Another way of putting it - data has to be unencrypted to be usable. If your website / local network is owned, the data is available to anyone with the relevant access.

There are exceptions to implementing data encryption correctly - but in 95% of cases its more effort than it is worth.

Why? If you look at Giant's latest statement all data was encrypted so hasn't been stolen.

From their FAQs.... FAQ's September 2021 (giantpay.co.uk)

Turns out your conjecture was right.

https://www.contractoruk.com/news/00...re_attack.html

I am sure we can read all about it in the ICO report when it is published!

If you squint enough, a ransomware attack is a technical difficulty (assuming it has locked them out of their systems).

But, this was pure conjecture on my part, based on absolutely no evidence (although the widespread system outages does fit the model).

So does this mean we should be taking their claims of 'technical difficulties' causing the ongoing outage with a pinch of salt?

Unlike most on this board I am not a technical or IT savvy person, my contracting is in other areas, so I don't know what to think.

They do seem to be a windows environment and that would explains why lawyers were involved so quickly

My bet is on a ransomware attack.

"Thank you for your continued patience whilst we work around the clock to bring giant back to business as usual.

We can confirm that Giant Group was the victim of a sophisticated cyber-attack on September 22nd. International law firm Crowell & Moring immediately put in place a team of experts in the US, UK and Brussels who have been carrying out necessary steps as part of the ongoing investigation. Together, we continue to work with our insurers, the ICO and the NCA on the investigation, alongside a number of other specialist advisers and have been sharing updates as soon as we are advised that it is safe to do so.

We can confirm that giant screening was unaffected and the giant finance+ and giant precision portals are now up and running.

Although we had no portals to operate from, we managed to pay over 8,000 workers last week. We appreciate that not everyone would have received their expected payment and for that we are sincerely sorry. We are aiming to be able to process your payroll and pay you by Friday.

We know everyone is frustrated about the lack of communication and we’d like to offer an explanation; our phone and email systems are integrated in our network and IT infrastructure. As a result, when we had to close the whole network, our phone and email systems were inaccessible. With instances related to a cyber-attack, there are certain protocols that must be followed to ensure that the integrity of the investigation is not compromised and therefore we unfortunately were unable to communicate with you as openly as we wanted to.

We are currently working on a technical issue that is preventing us from getting the giant umbrella and giant accounts portals back up and running. We are doing everything we can to resolve this so that we can then begin our conversations with you.

We will continue to share information with you as soon as we are able. We understand the disruption and frustration that the attack has caused, and we sincerely apologise for the inconvenience".

Nope it’s a paperwork audit, to describe it as a financial audit would be an insult to audits.

I believe FCSA is just a financial audit.

Do FCSA do a cyber security check on each business or is it a financial audit only?

their website still says:

We were on track to get all our systems back this morning, we have been working through the night and we anticipate we will have our giant finance+ and giant precision portals back online this morning. Our giant screening portals were unaffected. We are still working hard to get the giant umbrella & giant accounts portals fully operational.

Once all systems are back up and running, our phone lines will be open. Please visit our website throughout the day for more updates.


It sounds serious. Wonder what the impact and implications of this will be... has anyone here been affected?

You'll most likely find that this is the same amount you received the last time you were paid through Giant?

We got a tiny bit more info on what was going to happen via the recruitment agency in the organisation I'm working for. They told us we'd be paid the same amount as last week, to ensure people weren't left high and dry. Sadly for me I happened to have been paid for a short week last time, but better than nothing while they sort out whatever is going on.

I'm surprised this isn't bigger news in here tbh. Surely thousands of people affected.