A ransomware attack striking one of the largest human resources companies could impact how employees get paid, clock in for work and track paid time off.
HR management company Ultimate Kronos Group confirmed a ransomware attack impacted several services companies use to manage their employees and payrolls.
The attack, which UKG discovered on Saturday, affects the Kronos Private Cloud, which includes UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions, said the company.
“We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities,” said Bob Hughes, executive vice president for UKG, in a post on the company’s website. “The investigation remains ongoing, as we work to determine the nature and scope of the incident.”
Here’s everything we know so far:
How long before it’s fixed?
UKG said all products linked to the Kronos Private Cloud are unavailable, and it could take up to several weeks before service is restored.
The company advises customers to consider “alternative business continuity protocols” related to any Kronos services they used.
In a new statement Tuesday, UKG said any timeclocks used by companies still record and store when employees work offline until connectivity returns.
What is Log4j? And is this connected?
Log4j is a popular logging package for Java software, used in games like “Minecraft” and banking and financial applications, says Jon Clay, vice president of threat intelligence at Trend Micro.
A critical vulnerability was discovered in the software, and according to internet security firm Trend Micro, this flaw has already been exploited. The flaw is considered so serious because the affected software is used in a wide range of devices that use Java software.
“Organizations and consumers should immediately patch any applications or systems affected by this bug,” said Clay.
Companies including Google, IBM and Amazon have been scrambling to address the vulnerability.
So, is this vulnerability related to what happened with Kronos? UKG said there’s no indication of a link.
“We are investigating whether or not there is any relationship between the security incident described above and the Log4j vulnerability,” said UKG in its latest update.
How are affected companies responding?
UKG boasts several notable clients, including Tesla, Puma, the YMCA and several universities and hospitals.
In a statement Monday, the University of Utah said it has established a task force to determine how the ransomware attack may have impacted its systems.
“Paychecks will be distributed on schedule, although there may be adjustments at a later date to reflect corrections as needed,” said the university.
The City of Cleveland said its employees will still receive pay without interruption despite the attack, according to local reports.
In a statement Monday, Springfield, Massachusetts, one of Kronos’ customers, said the recording of city workers’ schedules and hours could be disrupted by the attack.
“The City of Springfield would like to reassure all city employees that contingency plans for recording employee schedules and hours will be implemented to mitigate the potential adverse effects this incident might cause and to make sure that employees will continue to receive their regular scheduled pay,” said the city in a statement.
The Associated Press contributed to this report. Follow Brett Molina on Twitter: @brettmolina23.