
The impact on human resources of the Kronos ransomware attack – Technology

United States: The impact on human resources of the Kronos ransomware attack


The unique combination of COVID-19 and a drastic decrease in the workforce has caused more workers to be working overtime this holiday season. Sadly, millions of workers last month experienced delays not only with their packages, but also with their payroll.

Kronos (Ultimate Kronos Group) provides human resource management services such as payroll, attendance and scheduling for organizations and municipalities around the world. Its clients include healthcare organizations, universities, supermarkets and cities.

On December 11, 2021, Kronos admitted that its Kronos Private Cloud was compromised by a ransomware attack. Kronos immediately began its investigation and engaged its cybersecurity team and insurer, and suggested affected customers adopt “alternative plans” to process payroll. As of December 23, 2021, Kronos reported progress in its ability to restore customer data. On December 29, 2021, it reported having a detailed plan to complete the restoration process, which is expected to unfold in phases this month.

Kronos regularly provided updates to customers through dedicated incident communication channels. At the end of December, it was able to offer temporary solutions to customers. Kronos also reported the incident to the relevant regulatory bodies. Yet employers affected by the ransomware attack will address this issue in the coming weeks.

Customers used certain features of Kronos to track employee time entry, and to calculate and track compensation, including overtime or paid time off. While offline clocks still worked, Kronos and its customers were unable to access or collect this data. Organizations were forced to switch to other methods of tracking, such as paper entry. Left without access to time worked, at least one company would have used the average of the three previous paychecks to determine the December salary.

While a ransomware-victimized payroll provider may mitigate penalties under the Fair Labor Standards Act, such an incident does not eliminate the employer’s obligation to pay employees properly and on time.

Additionally, Kronos reported that a “relatively small volume” of data was exfiltrated by the threat actor, who has not been identified. While the extent and nature of the compromised data is likely still being assessed, this incident should remind any organization to always perform in-depth supplier data security due diligence during the procurement stages. In anticipation of a data security incident, it is also prudent to keep abreast of data breach notifications and state contractual requirements with all third party vendors, in order to understand a vendor’s (“data collector”) responsibilities for 1) timing (and frequency) of disclosure to your organization (“data owner”), 2) reporting to applicable regulators, 3) notification to data subjects (employees), 4) sharing event details, 5) data recovery or entertainment, and 6) compensation (including for downtime service(s)) in the event of a data security incident such as this one.

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.

