Kronos hack will likely affect how employers issue paychecks and track hours
Enlarge this image
Kacper Pempel/Reuters
Kacper Pempel/Reuters
A ransomware fire on one of the largest homo resources companies may impact how many employees get paid and track their paid time off. Human resources management company Ultimate Kronos Group ( known as Kronos ) said it suffered a ransomware attack that may keep its systems offline for weeks. To ensure employees are paid, companies that rely on the software are working to find backup plans — including issuing paper checks, some for the first fourth dimension in years. Kronos is used widely around the U.S. by businesses and governments to track employees ‘ hours and to issue pay. Its many customers include municipal governments, university systems and large corporations. ( NPR besides uses Kronos. ) According to a spokesperson for Kronos, the ransomware attack has affected only customers that use a finical merchandise called the Kronos Private Cloud. “ We took immediate action to investigate and mitigate the issue, have alerted our involve customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the emergence and have mobilized all available resources to support our customers and are working diligently to restore the affect services, ” the spokesperson said in a statement to NPR .
What employers are affected?
Dozens of companies and governmental organizations announced this workweek that they have been affected by the attack — a issue that falls far short of the attack ‘s probably impact, given the ubiquity of Kronos. The hack has affected scheduling products specifically designed for health care systems, fiscal institutions and public safety workers. Over the course of Monday and Tuesday, many employers announced to their staffs that they had been affected — such as employees of New York ‘s Metropolitan Transportation Authority, hospital workers in San Angelo, Texas, and populace water workers in Honolulu. The city of Cleveland, which employs thousands of workers, said in a statement Monday that it is among the employers that rely on the hack software, as does the Oregon Department of Transportation. And a number of universities, such as the University of Utah, George Washington University and Yeshiva University in New York, besides reported being affected.
How does it affect paychecks?
The extent to which individual employees are affected depends on how their employers used the software. Employers that used Kronos to clock employees in and out of shifts may ask workers to manually track beginning and goal times, while companies that rely on Kronos to issue paychecks may send out paper checks therefore long as the servicing is down .
Employers may besides choose to issue generic paychecks that compensate employees for a service line number of scheduled hours, rather than the actual hours worked — and late issue corrections as needed. The Fair Labor Standards Act requires employers to track hours worked by employees no topic the timekeeping method acting used ( in other words, via Kronos, a manual of arms timecard or otherwise ), then pay their workers promptly. individual states may far govern precisely how often those paychecks must come.
What about personal data?
As for personal data, what employee information is stored in Kronos — and consequently could be exposed to attackers — varies by employer. In statements to employees, several companies said that they believed the most sensitive personal data, including Social Security numbers, had not been breached — but the city of Cleveland warned employees that the last four digits of Social Security numbers could be at risk.
How long before the service is fixed?
The service could be out for “ several weeks, ” according to a web log post by Bob Hughes, Kronos ‘ headman customer and strategy officer. The position was published Sunday, though it was later inaccessible. Because the localization could take long enough to affect payroll and scheduling operations, the ship’s company has urged employers to seek out “ alternate business continuity protocols ” while it works on a fix.
Is this related to Log4j?
As of Tuesday, it was not clear how the ransomware attackers were able to knock the software offline. The incident comes on the heels of revelations about a major vulnerability in a man of software called Log4j that is frequently used with the program lyric Java. The Log4j flaw allows a remote control hacker to take over a device or system running the software, permitting the hacker to, among other things, install crypto-miners or steal secret data. Because Java is among the most wide used program languages in the populace, cybersecurity researchers have warned that the effects could be far-flung.
It is not so far a given that the Kronos hack is related to the Log4j vulnerability, said Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “ It is probably the attacker had been in Kronos for weeks launching the attack before Log4J was reported. That does n’t mean the two are n’t connected. But the best evidence right immediately says differently, ” he told NPR. extra report by Jenna McLaughlin .