Giant Pay cyberattack ongoing

It has been confirmed that the Giant Pay cyberattack, a matter that is understood to still be ongoing, stemmed from an incident that was identified on 22^nd September 2021.

The incident is understood to be a ransomware attack, and it remains unknown as to whether any personal information has been compromised. The matter has been reported to relevant authorities, and there may have been some disruption to services so far.

Your Lawyers – as leading Data Leak Lawyers – specialise in legal justice for data breach victims. We see these kinds of incidents all the time and represent thousands of people for cases on a No Win, No Fee basis. Hopefully, personal data will not be exposed in this attack, but it remains to be seen.

About the Giant Pay cyberattack

Finer details are not yet known as to exactly what is going on with the Giant Pay cyberattack and how people may or may not be affected.

According to the company’s website, they confirmed that:

“Giant Group was the victim of a sophisticated cyber-attack on 22nd September 2021. International law firm Crowell & Moring immediately put in place a team of experts in the US, UK and Brussels who have been carrying out necessary steps as part of the ongoing investigation. Together, we worked with our insurers, the ICO and the NCA on the investigation, alongside a number of other specialist advisers and have been sharing updates as soon as we are advised that it is safe to do so.”

The incident has so far been reported by a couple of media outlets, and there are suggestions that some users of the service have faced, or may face, delays in receiving payments. Giant Pay has confirmed that they are on track to pay people.

It is understood that the Giant Pay cyberattack may be a ransomware incident, with systems and servers potentially locked down by cybercriminals. If this is the case, the company may be facing a ransom demand for the release of their systems, which is usually how these kinds of attacks work.

Has information been compromised in the cyberattack?

According to the FAQ that Giant Pay has put in place with regards to the cyberattack, on the matter of whether data has been compromised, they have confirmed as follows:

“To give you reassurance, all of your data is held on Pure Storage arrays, which is automatically encrypted.”

This does not give any certainty as to whether data has been compromised, or whether it still could be. If this is a ransomware attack, it will usually be the case that data is exposed by cybercriminals unless a ransom is paid, although some go on to expose or sell on compromised information anyway.

What can people do about the cyberattack?

We do not yet know enough information about the Giant Pay cyberattack to determine how people may be affected. Hopefully, no information has been compromised at all, and all will be well. However, if any personal data is exposed or misused, we then need to assess whether the company did enough to have prevented the cyberattack from taking place.

Giant Pay has stated that this was a sophisticated cyberattack. This is a common description used by companies that have been hit by such attacks, so we will need to await further information before making any determinations in that regard.

What we can say is that if they failed to do more and if people’s personal information has been compromised, victims could be entitled to claim data breach compensation. This could be for any distress caused by the loss of control of personal information, and if there are any delays with payments that arise form the cyberattack, we appreciate that this could cause significant distress.

Push payment fraud arising from data breaches

Pension scheme data breach numbers soar