A cyberattack on a popular payroll software provider sent work-tracking systems offline this week, forcing companies to resort to manual methods to pay workers.
UKG Inc. is continuing to investigate and manage outages related to a ransomware attack that forced it to shut down some of its Kronos cloud-based services that log and store employee working hours. The outages have lasted through the week and could continue into the new year, according to notices posted on a UKG website. The Lowell, Mass.-based company disclosed the attack Dec. 11.
A spokesman for UKG said it is taking action to resolve the attack and is engaged with cybersecurity experts and authorities.
“We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,” he said.
Kronos users span a range of industries, covering retail, government services, manufacturers, and numerous healthcare systems. The American Hospital Association said in a Dec. 14 statement that it had seen several reports from hospitals that had been affected by the outage, and warned that the lack of system availability could be “quite disruptive” given a continuing rise in seasonal flu and Covid-19 cases.
The impact of the outage is particularly acute for retail stores, given employees often work overtime hours in the run-up to Christmas Day. A spokeswoman for J Sainsbury PLC, which runs the British supermarket chain Sainsbury’s and uses Kronos to log working hours, said that the company has contingency plans in place to meet payroll on time, and that it is in contact with UKG. The BBC reported Thursday that Sainsbury’s had lost a week’s worth of data, and is using historical data and working patterns to pay its 150,000 U.K. employees.
New York’s Metropolitan Transportation Authority, which uses Kronos in its timekeeping system, said payroll issues stemming from the outage are affecting around 20,000 of its 66,000 active employees. The MTA is implementing contingency plans to ensure there will be “minimal impact” to payrolls, although, in some cases, adjustments might need to be made at a later time for overtime hours, paid leave or special payments, spokesman Eugene Resnick said.
“What we have assured everyone is that they should continue to swipe in and out. It is expected that we will be able to retrieve the data from the Kronos clocks and therefore will be able to account for all time worked,” he said. The New York Post earlier reported that the organization had been affected by the outage.
The payroll issues stemming from the Kronos outage come as technology staff around the world are grappling with a newly discovered vulnerability in a software tool known as Log4j that logs user activity. UKG said in a notice on its website that it is aware of the Log4j flaw, and has measures in place to prevent hackers from exploiting it.
The ransomware attack at UKG is the latest in a number of cyber incidents during 2021 targeting technology service providers and supply chains. In July, Kaseya Ltd., which offers technology management tools, was the victim of a ransomware strike that subsequently infected hundreds of customers. A February attack on software company Accellion USA LLC exposed data from law firms, universities and other users of its File Transfer Appliance platform.
Write to James Rundle at james.rundle@wsj.com
Copyright ©2021 Dow Jones & Company, Inc. All Rights Reserved.
Appeared in the December 18, 2021, print edition as ‘Cyberattack Hampers Payrolls.’