
Ultimate Kronos Group, a widely used human resources management company, recently suffered a ransomware attack that has left employers scrambling to pay staff.
According to NPR, some companies that use the software are even considering issuing paper checks for the first time in years.
How did the hack happen?
Kronos Executive Vice President Bob Hughes alerted Kronos Private Cloud customers on Monday that the service would be disrupted for several weeks due to a cybersecurity incident. In a blog post, he said the company became aware of unusual activity on Saturday.
“We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities,” said Hughes. “The investigation remains ongoing, as we work to determine the nature and scope of the incident.”
NPR said the post was unavailable at some point this week, but it was up as of Wednesday afternoon.
A spokesperson for UKG said the ransomware only affected customers using the company’s Kronos Private Cloud product.
Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future, said that hackers had most likely been in the Kronos system for weeks. He said it is unknown whether the attack is related to a vulnerability discovered in software called Log4j that is frequently used with the programming language Java, one of the most widely used programming languages.
That vulnerability allows remote hackers to take over a device or system running the software.
What employers did the hack impact?
Employers that rely on the UKG software to track hours worked and issue pay include New York's Metropolitan Transportation Authority, the city of Cleveland, the Oregon Department of Transportation, the University of Utah, George Washington University, Yeshiva University in New York and NPR.
Scheduling products specifically designed for health care systems, financial institutions and public safety workers were part of the hack.
Dozens of companies and organizations announced last week that they were impacted, said NPR. Different employers utilize the software differently.
“We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts,” the UKG spokesperson said in a statement to the outlet. “We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services.”
How will employees be impacted?
How their employer uses the software will determine how employees are impacted.
For those who work for employers that use Kronos to clock employees in and out of shifts, workers may have to manually track start and end times. Those at companies that rely on Kronos to issue paychecks could receive paper checks.
Employees may also receive generic paychecks covering a baseline number of scheduled hours, rather than the actual hours worked. Hours could be corrected later.
Per the Fair Labor Standards Act, employers are required to track hours worked and pay their workers promptly. States may further stipulate exactly how often paychecks must come.
Apart from payment issues, Cleveland said the last four digits of workers’ Social Security numbers could have been jeopardized. However, most employers said the most sensitive data in the system had not been breached.