Payroll and timekeeping services at organisations that use Kronos HR software have been disrupted after the supplier suffered a cyber attack that forced its system offline.
Parent company Ultimate Kronos Group (UKG) warned that Kronos Private Cloud had been hit by a ransomware attack and had been taken offline, which had affected employers that use UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions.
In a message posted on its support forums, which was also emailed to customers, executive vice president Bob Hughes said it could be several weeks before the systems are back online.
“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” he said.
“We deeply regret the impact this is having on you, and we are continuing to take all appropriate actions to remediate the situation. We recognise the seriousness of this issue.”
Customers questioned whether any of their data had been compromised or lost, and asked why there was no back-up arrangement.
“This is going to be a huge hardship for our employees that depend on the premium pay such as night diff, meals, overtime,” one said.
Among the organisations affected in the UK were Sainsbury’s and Boots. Sainsbury’s uses Kronos software to log, store and process the hours staff work, and it has reportedly lost a week’s worth of data.
A Sainsbury’s spokesperson told Personnel Today: “We’re in close contact with Kronos while they investigate a systems issue. In the meantime we have contingencies in place to make sure our colleagues continue to receive their pay.”
Boots has also been affected by the outage. A spokesperson said: “UKG is the third party supplier of the time and attendance system that we use. It is currently experiencing a service outage following a suspected cyber attack. Whilst we wait for the service to be reinstated, we have implemented manual solutions to protect team member pay.”
A UKG spokesperson said: “UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts.
“We recognise the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services.”
Cyber security experts have warned that the attack is likely to put significant pressure on HR teams in the busy weeks before Christmas.
“The estimated outage time of several weeks is likely to have a significant impact on organisations as they try to close the year while managing not only basic payroll, but also the bonuses and other annual calculations that need to take place,” said Erich Kron, a security awareness advocate at KnowBe4.
“This attack drives home the need to not only have, but also to practice, disaster recovery and continuity of operations plans that can be enacted quickly and efficiently. The more heavily reliant organisations are on technical services, even those in the cloud, the more important it becomes to have a plan to operate without these services, even for a short time.”
Organisations should also be alert to the fact that ransomware gangs often act when firms are short-staffed due to holidays or when they are extremely busy, Kron added. This is because they hope the attack will take longer to spot and the victim will pay the ransom in order to get systems back online quickly.
Jake Moore, a global cyber security advisor at IT security company ESET and the former head of digital forensics at Dorset Police, said the impact of the attack on customers would be “tremendous”.
“Holidays, bonuses and a limited workforce all make this attack all that much worse plus the knock-on effect to other businesses will also be felt more than usual,” he said.
“When you hear of attacks forcing companies back to pen and paper for trivial tasks such as monitoring timekeeping, it is shocking to think we are heading into 2022 with the same attack vectors as we have seen for much of the last decade.”
Kronos and Ultimate Software merged to form Ultimate Kronos Group in 2020.