Kronos Workforce Ransomware Attack Leaves Millions Exposed

The Kronos Ransomware Attack Fallout

Ultimate Kronos Group (UKG), a leading provider of workforce management software, whose HR management solutions are used by a who’s who of corporations and organizations, experienced a ransomware attack last December. Their customers include the city of Cleveland, New York’s Metropolitan Transportation Authority (MTA), Tesla, and MGM Resorts International. UKG also works with many healthcare extensions across the United States.

Kronos Private Cloud Hack Impacted Public Entities

Impacted organizations experienced protracted payroll issues as well as the exposure of social security numbers

In December 2021, Kronos revealed that it had been the victim of a ransomware attack, leading to its customers’ payroll systems being taken down and employee data compromised.

So, its customers turned on Kronos.

Some of its customers had to resort to contingency arrangements to pay their staff, such as going back to paper checks. Millions of employees were left in administrative limbo, unable to access payroll systems due to the outages.

The ransomware attack targeted Kronos Private Cloud solutions, a data storage site for several of the firm’s services, including UKG Workforce Central, which employees utilize to track hours and manage shifts.

“We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services,” a spokesperson said in a statement issued to NPR.

Legal Woes

A massive class-action lawsuit was filed against the company in early January, alleging that Kronos failed to adequately secure its systems and protect customer data in the Kronos Private Cloud.

The lawsuit seeks damages for Kronos customers who had to rely on paper checks and manual processes to pay their employees due to the attack.

Employees of Puma who had their personal identifying information, such as social security numbers, stolen are among those filing lawsuits. And other customers like Tesla, PepsiCo, and transit workers in New York City are also suing the company over their mishandling of the attack and negligence in securing customer data.

It is not yet known who was behind the attack or how much Kronos paid in ransom, but the fallout from the attack continues to mount for the firm, with more lawsuits sure to follow.

It is also unclear how much Kronos will have to pay out in damages, but the company’s reputation has certainly been tarnished.

Kronos’ very business model is now being questioned.

Kronos’ Business Continuity Plans Were Insufficient

Kronos might have been able to avoid this PR nightmare if it had heeded the warnings of its customers and taken steps to secure its systems.

The Kronos attack was a wake-up call for many organizations like Puma, Tesla, and the NFL, who had come to rely on Kronos for their payroll needs. It has led some to question whether Kronos is really the best solution for them.

After all, if Kronos can’t keep its systems secure, how can its customers be confident that their data will be safe?

And when you understand that entire council municipalities rely on Kronos to keep their data safe, the Kronos attack becomes even more worrying.

The Kronos private cloud ransomware incident expoosed personal data of a relatively small volume of workers but could have potentially disabled core services

The Kronos Ransomware Attack Was a Real Eye-Opener

It showed that no organization is safe from cyberattacks, no matter how big or small.

It also showed that Kronos is not the invincible god of time it once seemed to be.

Kronos started life as a manufacturer of time clocks and time-keeping software. But in recent years, it has become much more than that. Kronos now provides payroll and HR solutions to some of the biggest organizations in the world.

So when Kronos was hit by ransomware from an as-yet undeclared source, it sent shockwaves through the business world.

As the IT worker from the Tacoma Fire Department put it out there for everyone to read on Twitter: how can a company the size of Kronos not have adequate disaster recovery in place?

Disaster Recovery Plans Offset the Threat of Cyber Attacks

Kronos for Banking Scheduling Solutions is advertised as "the data and tools you need"; however, the attack on the Kronos provate cloud leaves many wondering if UKG solutions' own netwrok is robust and protected

Disaster recovery plans are vital for any organization, no matter how big or small. But it seems that Kronos did not have a plan for this data breach.

It is still unclear exactly how much data was stolen and what the hackers now have access to.

What is clear is that Kronos failed to protect its customer data and employee data. And that is a huge problem.

The data breach at Kronos is a reminder that no organization is safe from cyberattacks. It also highlights the importance of having a robust disaster recovery plan in place.

While Kronos’ system availability has now been restored, albeit, with certain supplementary customer applications still in the process of coming back online, the question remains: can Kronos really be trusted with customer data?

Data is the lifeblood of any organization. And when that data falls into the wrong hands, it can have devastating consequences.

Real Costs of a Cyber Attack

The cost of cyber assaults has climbed to an estimated $3.6 million per incident, according to the World Economic Forum (WEF) Global Cybersecurity Outlook 2022 report. The survey also revealed that it takes on average 280 days to detect fraud and respond to an attack.

Not only are huge sums of money likely to be paid out in ransom and legal costs, but such a data breach can cause irreparable damage to an organization’s reputation.

To safeguard against this type of ransomware incident, what is needed is a reliable data backup solution that can be quickly accessed and used to restore data in the event of an attack.

But the Kronos private cloud did not have that in place. And as a result, its customers are now paying the price.

Ransomware Attacks on the Rise

The inability of the Kronos Private Cloud to protect its own network left tens of thousands of employees' personal information vulnerable to threat actors

In the wake of the Kronos attack, it is clear that data security is now more important than ever before. Organizations must take steps to ensure that their data is safe and secure, or they risk facing serious consequences.

To restore system availability in the face of a malware attack, companies need a reliable data backup solution. As part of a rigorous disaster recovery plan, cloud migration affords organizations the best possible chance of withstanding such an attack and emerging unscathed.

Learning From Kronos’ Mistakes

The fact that Kronos did not have its own business continuity plans in place to safeguard the data of their enterprise customers left many cyber security professionals shaking their heads

Data security is of paramount importance in the modern world. And Kronos, unfortunately, has shown that it is not immune to the dangers that exist from threat actors.

For companies like Kronos, the only way to restore customer confidence is to take steps to ensure that their data is safe and secure. And that starts with having a robust disaster recovery plan in place.

Otherwise, the consequences can be catastrophic. Let Kronos be a reminder of that.

Business leaders should learn from Kronos’ mistakes and ensure that their organization is prepared for anything.

Because in the modern world of business and data security, it’s not a matter of if a cyber attack will happen, but when.

Start a conversation with Parsec Labs

Parsec Labs products are delivered as an integrated appliance, optimizing hardware and software for maximum performance and throughput.