Kronos ransomware attack sends customers into frenzy

Ultimate Kronos Group (UKG) was recently hit with a devastating ransomware attack. Kronos merged with Ultimate Software in 2020 to become UKG, one of the largest human resources companies, which provides workplace management and HCM cloud solutions.

On the 13th of December, 2021, Bob Hughes, UKG Executive Vice President, posted that a cyber security incident disrupted the Kronos Private Cloud — where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed. 

“While we are working diligently, our Kronos Private Cloud solutions are currently unavailable. Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” said Hughes.

The statement was originally published in a community forum, where customers voiced their irritation with how the attack is affecting their work. Many customers viewed Kronos's reaction to the incident as inadequate, accusing the company of not having a proper disaster recovery scenario. Since Kronos products are used by a large variety of entities, the implications are dire. In particular, a comment from an IT worker with the Tacoma, WA fire department stood out:

“We must have access to rosters for today and coming days — now. Any halfway decent IT application hosting company would have disaster recovery plans for any worst-case-scenario. Running fire and police departments, this data can literally be a matter of life and death for the public and for our people. Yes, I am frustrated and angry that we don’t know what is happening.”

UKG later reported that the cyber attack did not seem to be related to the recent widespread log4j vulnerability, but assured customers that:

“We have invoked emergency patching processes to identify and upgrade impacted versions of log4j. We are aware of the widespread usage of log4j in the software industry, and are actively monitoring our software supply chain for any advisories of 3rd party software that may be impacted by this vulnerability.”

The attack affected employee payroll processing for companies that use Kronos, totaling more than 40 million people in over 100 countries.

At this point Kronos customers have no idea what has happened to their data, nor do they have an idea of when the issue will be resolved.

Featured image: Wikimedia Commons/Pkonradk

