Kronos ransomware attack could impact employee paychecks and timesheets for weeks

Kronos has a long list of notable customers across the public and private sector, including the city of Cleveland, New York’s Metropolitan Transportation Authority (MTA), Tesla and MGM Resorts International. It also works with many hospitals across the country.

Some employers find themselves having to make contingency plans in order to pay workers, such as shifting to paper checks. And some impacted employees have been unable to access payroll systems.

The ransomware attack impacts Kronos Private Cloud solutions, a data storing entity for several of the company’s services, including UKG Workforce Central, which is used by employees to track hours and schedule shifts.

«UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts,» a Kronos spokesperson told CNN Business.

«We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,» the spokesperson added.

It is still possible in most cases to log hours on the offline Kronos timesheet system, though it is unclear when these systems will come back online.

«[E]very employee will get paid for every hour they work. We have complete confidence that we will be able to determine how many hours employees work and pay them for those hours and we continue to ask employees to keep time the way they always have,» MTA spokesperson Tim Minton told CNN Business.

News of the ransomware incident came after a security flaw in widely used software across the internet, called Log4j, was made public late last week, opening the door in many companies’ systems to hackers. Kronos has not confirmed that the ransomware attack is linked to the Log4j vulnerability and did not respond to CNN Business’s request for comment on a possible connection.

A separate banner on Kronos’ website, which was not part of the HR company’s specific messaging on the ransomware attack, warned about the potential impact of the Log4j vulnerability and noted that the company had «invoked emergency patching processes» to address it.

In addition to the potential payroll issues, there’s also data privacy concerns. The city of Cleveland said in a statement Monday that Kronos alerted it that sensitive information may have been compromised in the attack. Employee names, addresses and the last four digits of social security numbers may have been stolen by the hackers inside Kronos’s network. In an FAQ page on its site about the security incident, Kronos said its «investigation is ongoing, and we are working diligently to determine whether customer data has been compromised.»