Ransomware Attack Hits Popular Payroll Service — Impact to Connecticut Employers Unclear


TwitterFacebookCopy LinkPrintEmail

A ransomware attack targeting a popular time clock and payroll service could delay paychecks issued by local governments and businesses during the holiday season – but the extent of the impact wasn’t immediately clear as a number of major employers would not comment on Tuesday.

The HR management company Ultimate Kronos Group announced that the company had become aware of a ransomware attack on its Kronos Private Cloud late on Saturday, which knocked its payroll, scheduling and healthcare extensions offline. 

New Haven Communications Director Kyle Buda said that although New Haven’s payroll system had been affected by the attack, the city already had a system in place to pay employees by paper check. Buda said those checks would be issued this week.

Bridgeport Spokeswoman Rowena White said the city’s police department uses the Kronos time management system to record daily rosters and overtime, but not payroll, and that other city departments were not affected

White said that police supervisors will need to maintain accurate rosters documenting time off and overtime, and those working overtime will need to submit a form documenting their hours for their supervisors to report daily. 

White said the city does not record birth dates, social security numbers or any other bank or financial information in the system.

Kronos announced that it may take the company several weeks to fully restore the system and urged its customers to find alternatives in the meantime. The company explained that in most instances the system will still record and store when employees clock in and out of work even while the system is offline, but recommended that customers manually record employee time until the system is restored.

“Due to the nature of the incident, it may take up to several weeks to fully restore system availability,” the company said. “While UKG has dedicated extensive resources to resolving this issue and supporting our impacted customers, we do not have an estimated time of resolution.”

The company announced that it had “a variety of redundant systems and disaster recovery protocols,” but that those backups aren’t available while the company determines the best approach to restore services.

Kronos said it was investigating whether any data has been compromised because of the attack.

New London Public Schools Director of Finance Rob Funk said the school district uses Kronos for its time clock, but not payroll, and has not experienced any issues so far. 

The State of Connecticut uses Kronos for time collection for about 18,500 employees across four state agencies, but does not use it for payroll, Department of Administrative Services spokesman John McKay.

The state was informed on Sunday that the time clock system was unavailable, and has been manually collecting employees’ time while Kronos is unavailable, McKay said. 

“We do not anticipate a disruption to the state’s ability to pay these people during the outage,” he said.

Several major employers told CT Examiner they do not use Kronos and were not affected by the attack, including UConn, UConn Health and Dominion Energy – the owner of the Millstone Nuclear Power Station. Mohegan Sun said they don’t use the cloud-based version of Kronos and were not affected. Others contacted had not responded at the time of publication.

This story has been updated to include comments by Mohegan Sun