Kronos has a long list of notable customers across the public and private sector, including the city of Cleveland, New York’s Metropolitan Transportation Authority (MTA), Tesla and MGM Resorts International. It also works with many hospitals across the country.
The ransomware attack impacts Kronos Private Cloud solutions, a data storing entity for several of the company’s services, including UKG Workforce Central, which is used by employees to track hours and schedule shifts.
“UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts,” a Kronos spokesperson told CNN Business.
“We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,” the spokesperson added.
It is still possible in most cases to log hours on the offline Kronos timesheet system, though it is unclear when these systems will come back online.
“[E]very employee will get paid for every hour they work. We have complete confidence that we will be able to determine how many hours employees work and pay them for those hours and we continue to ask employees to keep time the way they always have,” MTA spokesperson Tim Minton told CNN Business.
A separate banner on Kronos’ website, which was not part of the HR company’s specific messaging on the ransomware attack, warned about the potential impact of the Log4j vulnerability and noted that the company had “invoked emergency patching processes” to address it.
Source : CNN