The December 2021 ransomware attack that crippled payroll and timekeeping systems using UKG's Kronos Public Cloud continues to have repercussions for the well-known HR technology vendor and many of its customers, including class-action lawsuits and data breach disclosures.
We've rounded up articles from SHRM Online and other outlets to provide more context on the news.
More Customers Reporting Data Exposures
The most recent lawsuit related to the attack, filed by an employee of the Family Health Centers of San Diego, claims that the incident exposed the personal data of employees.
Other data breaches related to the UKG attack have been disclosed or reported over the last two months, including from the city of Cleveland, athletic wear company Puma and the New York Metropolitan Transportation Authority (MTA).
Number of Class-Action Lawsuits Grows
In addition to the data breach suit, employees at PepsiCo, the New York MTA and Allegheny General Hospital in Pittsburgh, among others, have filed class-action lawsuits alleging that they were improperly paid due to the system outage.
(ClassAction.org) (ClassAction.org) and (ClassAction.org)
Hack Disrupts Payroll for Thousands
Discovered Dec. 11, the cyberattack affected about 2,000 employers that use the time and attendance software, including enterprise companies, hospitals, universities and public agencies. UKG said that by late January, it had restored core time, scheduling and payroll capabilities to all customers affected by the ransomware attack.
HR Tech Put on Notice
HR technology analysts say vendors and their clients should brace themselves for similar attacks as more hackers train their sights on sensitive employee data rather than customer data.
Ransomware: To Pay or Not to Pay
The consideration of whether to pay a ransom is very complicated—and each scenario, risk analysis and business decision is different. It is also wise for companies to determine whether they have insurance coverage for a ransom payment.