UKG Faces Payroll Violations Class Action Lawsuit in Multiple U.S. District Courts

Workforce management company Ultimate Kronos Group faces a proposed class action after its ubiquitous Kronos timekeeping system got whacked by ransomware last December. The aggrieved customers dragged the firm into court as scheduling and payroll were hindered at thousands of organizations, including Tesla, PepsiCo and Whole Foods.

Due to the network outage, many major firms were unable to pay workers all of their wages on time, including overtime wages and shift differentials, because they rely on Kronos products for timekeeping and prompt pay policies.

Employees at Tesla and PepsiCo filed a class-action lawsuit against UKG in the U.S. District Court for the Northern District of California, seeking damages due to alleged negligence in data security procedures and practices. New York MTA employees filed a separate suit in the U.S. District Court for the Southern District of New York against the MTA, alleging it failed to pay overtime wages due to the Kronos outage.

According to John Bambenek, principal threat hunter at security firm Netenrich, the response and recovery from the ransomware attack is UKG's responsibility, but failure to make payroll, a potential violation of the federal Fair Labor Standards Act (FLSA) and any applicable state and local laws, is the fault of the employer. The FLSA requires organizations to accurately track the hours worked by employees and pay workers accordingly. Failure to comply with these requirements could entitle workers to compensation of up to double their unpaid wages.

"The employers are responsible for making payroll. If they're using a third-party provider, and it doesn't get the job done, they're responsible for making payroll," said John Bambenek. "That doesn't leave Kronos off the hook, however. Kronos offers service and couldn't provide it, so now the company may be liable to its customers," Bambenek said. "Employers can sue UKG too."

However, the key question is whether the contracts that UKG negotiated with its customers define who might be responsible in the wake of an incident like this. In many cases, commercial contracts between a provider and a customer contain an indemnification clause, which protects the provider from legal action or damage for certain events. 

"Every vendor, especially at the level of Kronos," is going to seek an indemnification clause that benefits them in their contracts, Matthew Warner, CTO and co-founder at detection and response provider Blumira, told Cybersecurity Dive. "They're going to do as much as they can to make sure that if something goes wrong, and if there is any sort of interruption associated with it, they're indemnified for it."

Sainsbury's Payroll Provider Targeted in a Cyber Attack

Sainsbury’s payroll system provider, US-based Kronos, has been hit by a cyber-attack, impacting nearly 150,000 employees.

The Mirror reported that Kronos was targeted on Saturday last week, which caused the supermarket to lose a week’s worth of data. However, despite the data loss, Sainsbury's has promised that its 150,000 employees would be paid before Christmas.

Sainsbury's is among the leading firms in the UK and US that rely on Kronos to log, store and process the hours employees have worked in order to calculate their monthly payments. Following the cyber-attack, multiple departments involved in payroll, including payroll, human resources (HR) and accounting, are now using historical data to ensure workers are paid the correct amount, including the overtime that is common during the festive season.

A Sainsbury's spokeswoman said: "We're in close contact with Kronos while they investigate a systems issue. In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay." 

Kronos, run by Massachusetts-based Ultimate Kronos Group (UKG), supplies a range of cloud payroll services, including an automated payment system used by firms around the globe. The payroll provider has announced that some of its services will be offline for weeks following the ransomware attack.

Within public finance, the sector severely affected by the UKG ransomware attack is healthcare, where Kronos’ payroll and workforce solutions systems have been popular. The ransomware attack should not affect clinical outcomes or add meaningful costs, except for some added expenses from activating contingencies to track hours and pay employees.

According to CNN, many sectors have shifted to paper checks, while others are still finding ways to access their payroll systems. In most cases, however, the offline Kronos timesheet system is still working and firms can keep using it for the time being.

“Data is no longer a commodity, it’s a currency — as this incident represents. Information within an organization’s network is valuable to both businesses and attackers. With a majority of the world’s data residing in the cloud, it is imperative that organizations become cloud-native when thinking about data protection,” Amit Shaked, Co-Founder & CEO of Laminar, stated.