Kronos Warns Cyberattack May Knock HR Software Offline for Weeks
(Bloomberg) -- Ultimate Kronos Group subsidiary Kronos, a provider of payroll and time-sheet software, said it suffered a ransomware attack that may force its systems offline for weeks.
The company became aware of the issue Saturday and began steps to “investigate and mitigate” it, according to a message the company sent to its customers and posted on its website. Kronos said it was “working with leading cyber-security experts to assess and resolve the situation,” but warned users to find alternative options given the delay expected before its software is working again.
“While we are working diligently, our Kronos Private Cloud solutions are currently unavailable,” the company said. “Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”
Other products, like UKG Pro, weren’t affected, the company said. Kronos has a widespread customer base, noting on its website that clients include Tesla Inc., the city of Cleveland, Kum & Go convenience stores, MGM Resorts International and multiple health agencies. Users, including New York City’s Metropolitan Transportation Authority, were unable on Monday to access Kronos services.
Kronos hasn’t said whether the attack is related to the Log4Shell vulnerability discovered this past weekend, which U.S. cybersecurity officials called “a significant threat.”
Alongside the ransomware attack, the company’s customer conference, UKG Connections, kicked off in Las Vegas on Monday.
©2021 Bloomberg L.P.