The Kronos ransomware attacks have caused massive amounts of disruption in the financial services industry. Even though the outage took place two months ago, it still hasn’t been completely resolved. This means that payroll processing is not fully up and running, and that data breaches are on the rise.
Data breaches related to the attack
Several data breaches were reported in the wake of a cyberattack on workforce management firm Kronos. The attack, which happened in December, disrupted payroll systems and timekeeping systems worldwide.
Thousands of employees of companies such as Pepsi, Puma, and Tesla were among the victims of the breach. Some of the stolen information included Social Security numbers and employee IDs. In addition, names and other personal information were exposed.
During the incident, the company reported the attack to authorities, notified customers, and provided temporary solutions. They also worked with leading cyber security experts.
Several of the organizations affected by the Kronos data breach have filed lawsuits. Some of these claims involve privacy-related issues and some claim to have been the victim of a phishing attack. Regardless of the details of the alleged breach, it’s important to remember that no organization is immune from a data breach.
It’s important to consider the consequences of a data breach, such as the number of impacted users and the amount of data stolen. Even a minor breach can lead to significant stress for the impacted parties.
One of the simplest things you can do to avoid a data breach is to create a disaster recovery plan. This includes ensuring that your employees use company-wide passwords, implementing multi-factor authentication, and regularly checking your activity logs for suspicious activity.
When a data breach does occur, you should report it promptly. Most regulations require that you do so within 72 hours. However, some reporting requirements vary on a state-by-state basis. For instance, some reports may not require a notification at all.
In the wake of the Kronos attack, several other organizations have experienced similar issues. Many of them have had to rely on paper checks, and some have had to adjust their payroll systems.
While Kronos did not confirm whether the source of the hack was a known security flaw in its Log4j software, it has worked with third-party security specialists to mitigate its vulnerabilities. It also notified several state Attorney General offices.
Although the Kronos ransomware attack is relatively small in terms of the total volume of information exfiltrated, it is important to remember that all cybersecurity regulations require that such events be reported as soon as possible.
Outage affects payroll processing
A recent cyberattack on Kronos has caused the company’s cloud-based services to be inaccessible. The resulting lack of access to employee timekeeping data has been a problem for many employers. Some have had to resort to manual timekeeping methods to keep track of employee hours, which can result in problems with payroll accounting.
Kronos is a prominent company that provides payroll solutions and scheduling software. Several notable companies have used its products, including PepsiCo, FedEx, and Whole Foods. Although the incident was reported by UKG (formerly known as Kronos), there has not been a formal announcement of the extent of the data loss.
While the ransomware attack affected a slew of companies, the incident illustrates how vulnerable modern workplace technology is. Even the smallest of breaches can have a widespread economic impact.
A company’s payroll system is not considered critical infrastructure, but it is important for employers to be able to track employee hours. When the system is unavailable, companies must make a choice between relying on manual timekeeping methods, issuing paper checks, or both.
For Kronos users, the cloud-based services impacted by the ransomware attack will remain inaccessible for some time. Employees who were underpaid will have to adjust their pay when the system is restored.
Although the cloud-based services have shut down, most companies are still using their offline timesheet systems. This is the only way to keep track of employees’ working hours.
The ransomware attack on Kronos has not only affected the company’s operations, but also the lives of its customers. Many healthcare providers are struggling with a shortage of paychecks and have had to resort to manual timekeeping methods.
While Kronos is working to restore its systems, some impacted employees are still waiting to get their last paycheck before the holidays. As more information becomes available, the company hopes to give clients a better sense of how long it will take for its services to return to full functionality.
In the meantime, some companies are choosing to issue paper checks. Others have created contingency plans to pay workers.
Outage took nearly two months to recover from
Kronos is a popular workforce management software provider used by tens of thousands of businesses internationally. In December, it was hit by a ransomware attack. As a result, it has been unable to process payroll for some employees, and some companies have been unable to issue paychecks.
Some hospitals and health care employers have been left in the dark, including Humber River Hospital in Toronto and Scripps Health in San Diego. The Kronos outage also affected private cloud systems, and the company is working to restore all the systems.
Kronos has not confirmed the cause of the attack, but a banner on the company’s website warns users that they may be affected by a Log4j vulnerability. This Java vulnerability allows hackers to access the system and potentially steal information.
Many of the company’s customers, including the Ultimate Kronos Group, the University of Utah, and Puma, have been unable to use their systems. The company has received criticism for not having backup procedures in place, and for its lack of transparency.
It is unclear how long the outage will last, but some employers have asked their employees to submit their hours by email. Others have asked workers to input their time by hand. These methods are likely to delay the processing of W-2 forms and tax information.
Many employers are scrambling to find alternative solutions. One major hospital has replaced its digital test-taking tools with pencils, while others have set up alternative payrolls. Another has been forced to manually gather data to keep its services running.
Kronos’s website indicates it has over 40 million users. Its products serve the health care industry, but it is not clear whether employee information was compromised.
In addition to Kronos, other companies have reported being impacted by ransomware attacks. One of the largest was Colonial Pipeline, which paid $5 million to restore operations. Another was the Wiregrass Electric Cooperative, which left its customers without account information.
Kronos’s website says its service is “ready, willing, and able” to respond to the outage, but the company has yet to provide an estimate of when it will restore all its systems.
Contracts complicate potential liability
Many businesses rely on Kronos payroll software to keep track of employee hours. They also use it to process pay and schedule employees. In December, the company announced that its cloud-based time and attendance system had been attacked by hackers, which locked up the records of thousands of companies.
Several organizations were hit by the attack, including PepsiCo, Tesla, the New York Metropolitan Transit Authority (MTA), and Whole Foods. Although Kronos has stated that it has been able to restore core functions of its system, it hasn’t revealed how long it will take to return all systems to working order. It is also unclear whether it will be liable for the disruption.
However, it may be possible that Kronos is liable for the disruption, based on the way in which it has responded. For instance, the company has provided supplemental tools and resources to its internal security team to improve its overall security.
There is also the possibility that a lawsuit could be filed against Kronos. Depending on the specifics of the complaint, it could involve negligence, breach of contract, or privacy violations. As a result, it is important to look carefully at all contracts before choosing a vendor. Also, employers should make sure they are prepared for any unexpected failures and implement corrective measures as soon as possible.
It is important to have a good understanding of the laws in the states in which your business operates. Specifically, the Fair Labor Standards Act (FLSA) has a deadline for filing claims, which is two years from the alleged violation, with extensions for willful violations. If your employer failed to keep records of regular and overtime hours, it is a violation of these laws. Likewise, if your employer didn’t compensate you for the time it took to manually track your hours, it is a violation.
When a company has a data breach, it is common to see a lawsuit filed alleging negligence or privacy violations. It is also common for companies to file suits for breach of contract. While these lawsuits are not always clear-cut, the most common allegations are that the defendants violated the terms of their contracts.
