When we talk about cyber attacks, we often think of massive global corporations or high-stakes bank heists. We imagine shadowy figures in hoodies targeting Silicon Valley giants. We don't usually imagine a small, family-founded recruitment agency in Gateshead.
But for Ashleigh Wright, the Managing Director of Westwray Recruitment Group, the digital threat became a visceral, emotional reality in mid-2025. It wasn't just a technical glitch; it was a crisis that pushed her team to the brink and left her in tears.
This is the story of how a "small" business became a target, and why every recruitment agency in the UK needs to be paying attention.
A Legacy at Risk
Westwray Recruitment Group isn't just another agency. It was founded in 1990 by Ashleigh’s mother, building a reputation over three decades for reliability in the engineering, automotive, and manufacturing sectors. When Ashleigh took over the mantle, she wasn't just managing a business; she was stewarding a family legacy.
For 35 years, they had never missed a payday. They were the bridge between local talent and the industries that keep the North East moving. But in a single weekend, that 35-year streak was placed in serious jeopardy.
"I made the decision to personally call every single one of our temporary workers to explain that they actually weren't going to be paid on that Friday." : Ashleigh Wright
The Weekend the World Stopped
It happened on a quiet Friday evening. The team went home, looking forward to the weekend. But behind the scenes, the digital walls were being breached. Over the course of that weekend, a colleague tried to log in and found themselves locked out.
At first, it seemed like a standard IT hiccup. "A quick call to the IT company and it's resolved," was the initial thought. But by Monday morning, the reality set in. The entire system was encrypted. Westwray was the victim of a ransomware attack.
The silence that followed was the scariest part. There was no immediate ransom demand, no message on the screen: just total, digital darkness. As we’ve discussed in our guide on understanding the real threat of cyber attacks, these attacks are rarely about the size of the company; they are about the value of the data you hold.
The Backup Betrayal

If a recruitment agency loses its data, it loses its heartbeat. For Westwray, the blow was doubled when they discovered that their backups hadn’t been working as planned.
When the systems were finally brought back online on Wednesday, three months of payroll data were gone. For a firm with a £6.5m turnover and roughly 200 temporary staff to pay every week, this was a catastrophe.
This highlights a critical lesson for any growing business: building robust infrastructure isn't just about having a backup; it's about verifying that those backups are actually viable when you need them most.
The 14-Hour Grind
The recovery wasn't a matter of clicking a button. It required raw, manual labour. A team of 15 staff members had to work 14-hour days, painstakingly re-inputting three months of data to ensure the payroll could eventually be processed.
They were racing against the clock. Payday was looming, and they knew they couldn't hit the deadline. The technical failure had transformed into a human crisis.
The Phone Calls and the Tears

Ashleigh Wright could have sent a mass email. She could have put a notice on the website. Instead, she chose the hard path: she personally called all 200 temporary workers to tell them their money would be three days late.
"I was absolutely floored and gobsmacked at the responses," she told TechInformed. Expecting anger and frustration, she was instead met with kindness. The temps, whose own livelihoods were being delayed, were asking her if she was okay.
That was the moment the weight of the situation truly hit. Ashleigh ended up in tears during those calls: not because of the data loss, but because of the immense responsibility she felt toward the people relying on her agency.
Why Recruitment Agencies are "Gold Mines" for Hackers
You might think, like Ashleigh did, "Why would they target me? I’m just a small agency in Gateshead." But to a cybercriminal, a recruitment agency is a treasure trove of high-value information. Think about what you hold in your database:
- CVs and Employment Histories: Perfect for identity theft.
- Bank Details: Direct access to financial information.
- National Insurance Numbers: The holy grail for fraudulent activity.
- Personal Contact Details: Home addresses, phone numbers, and private emails.
When this data is encrypted or stolen, the business doesn't just stop; its reputation is potentially damaged beyond repair. At Picnic IT, we advocate for enterprise-level security protection for SMEs precisely because the data held by a small recruiter is just as sensitive as the data held by a global bank.
The Public Warning: "It's Not If, But When"
Ashleigh Wright is now on a mission. She has put aside the "embarrassment" of being attacked to warn her peers. In an interview with Business Live, she emphasised that tech evolves so rapidly that it’s hard for small business owners to keep up.
She’s now asking other firms to question their providers: What are you doing? What updates are you performing? Are our backups actually working?
"Keep checking and revisiting what you've got… tech evolves so rapidly, it can be hard to keep up with it." : Ashleigh Wright
How Managed Security Could Have Changed the Outcome

At Picnic IT, we look at this case study and see where the "all-you-can-eat" support model and proactive security could have intervened.
- Endpoint Security & 24/7 Monitoring: Modern ransomware often leaves "footprints" before it fully executes. Managed security monitors these anomalies in real-time, often stopping the encryption before it can spread.
- Managed Backups: We don't just "set and forget." Backups need to be tested and verified regularly. If Westwray's backups had been managed and monitored correctly, the 14-hour manual re-entry days would never have happened.
- MFA and Server Hardening: Ashleigh noted that they have now implemented two-factor authentication (MFA). Implementing these best practices for maintaining a secure network before an attack happens is the difference between a minor incident and a total shutdown.
Key Insights for Recruitment Leaders
- Human Cost > Financial Cost: The emotional toll on your staff and the stress on your MD can be more damaging than any ransom demand.
- Check Your Backups Today: Don't wait for a crisis to find out your safety net is full of holes.
- Size Doesn't Protect You: Hackers use automated tools to find vulnerabilities; they don't care if you're in London or Gateshead.
- Verify Your Partners: Ask your IT provider for concrete evidence of their security protocols.
Final Reflections
The Westwray story ends on a note of resilience. Ashleigh and her team survived, they recovered the data, and they paid their staff. But the cost was immense: in time, emotion, and stress.
As a growing business, you shouldn't have to be a cybersecurity expert. You should be focused on finding the best talent for your clients. Partnering with a comprehensive IT and security provider like Picnic IT means you get enterprise-grade protection without having to manage the complexity yourself.
Don't wait until you're on the phone to your contractors in tears. Let's build your digital fortress today.
Want to ensure your agency is protected? Contact Picnic IT today for a security audit and let's make sure your "weekend" stays quiet.