纽约(美国有线电视新闻网)最大的人力资源公司之一的终极克罗诺斯集团周一披露了一场严重的勒索软件攻击,影响了许多工人的工资系统。在周六注意到“异常活动”后,Kronos 指出其系统已关闭,并且可能会持续数周。
Kronos 在公共和私营部门拥有一长串著名客户,包括克利夫兰市、纽约大都会交通管理局 (MTA)、特斯拉和米高梅国际度假村。它还与全国许多医院合作。
一些雇主发现自己必须制定应急计划才能支付工人工资,例如改用纸质支票。一些受影响的员工无法访问工资系统。
勒索软件攻击影响了 Kronos 私有云解决方案,该解决方案是该公司多项服务的数据存储实体,包括 UKG Workforce Central,员工使用它来跟踪工作时间和安排轮班。
“UKG 最近发现勒索软件事件破坏了 Kronos 私有云,该私有云包含我们有限数量的客户使用的解决方案。我们立即采取行动调查和缓解问题,已通知受影响的客户并通知当局,并且正在与领先的网络安全专家合作,”Kronos 发言人告诉 CNN Business。
发言人补充说:“我们认识到问题的严重性,并已调动所有可用资源来支持我们的客户,并正在努力恢复受影响的服务。”
在大多数情况下,仍然可以在离线 Kronos 时间表系统上记录工时,但尚不清楚这些系统何时会重新上线。
“[E] 每名员工都将按他们工作的每一小时获得报酬。我们完全有信心能够确定员工工作多少小时并为这些小时支付工资,我们继续要求员工按照他们一贯的方式保持时间有,”MTA 发言人蒂姆明顿告诉 CNN Business。
勒索软件事件的消息是在互联网上广泛使用的名为 Log4j 的软件中的一个安全漏洞于上周晚些时候公开之后发布的,这为许多公司的系统打开了大门。 Kronos 尚未确认勒索软件攻击与 Log4j 漏洞有关,也没有回应 CNN Business 就可能的联系发表评论的请求。
Kronos 网站上的一个单独横幅警告了 Log4j 漏洞的潜在影响,并指出该公司已“调用紧急修补程序”来解决该问题,该横幅不是人力资源公司关于勒索软件攻击的特定消息的一部分。
除了潜在的工资问题外,还有数据隐私问题。克利夫兰市周一在一份声明中表示,克罗诺斯警告其敏感信息可能已在攻击中泄露。员工姓名、地址和社会安全号码的最后四位数字可能已被 Kronos 网络中的黑客窃取。
在其网站上有关安全事件的常见问题解答页面中,Kronos 表示其“调查正在进行中,我们正在努力确定客户数据是否已被泄露。”
Kronos ransomware attack could impact employee paychecks and timesheets for weeks
New York (CNN Business)Ultimate Kronos Group, one of the largest human resources companies, disclosed a crippling ransomware attack on Monday, impacting payroll systems for a number of workers. After noticing "unusual activity" on Saturday, Kronos noted that its systems were down and could remain that way for several weeks.
Kronos has a long list of notable customers across the public and private sector, including the city of Cleveland, New York's Metropolitan Transportation Authority (MTA), Tesla and MGM Resorts International. It also works with many hospitals across the country.
Some employers find themselves having to make contingency plans in order to pay workers, such as shifting to paper checks. And some impacted employees have been unable to access payroll systems.
The ransomware attack impacts Kronos Private Cloud solutions, a data storing entity for several of the company's services, including UKG Workforce Central, which is used by employees to track hours and schedule shifts.
"UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, have alerted our affected customers and informed the authorities, and are working with leading cybersecurity experts," a Kronos spokesperson told CNN Business.
"We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services," the spokesperson added.
It is still possible in most cases to log hours on the offline Kronos timesheet system, though it is unclear when these systems will come back online.
"[E]very employee will get paid for every hour they work. We have complete confidence that we will be able to determine how many hours employees work and pay them for those hours and we continue to ask employees to keep time the way they always have," MTA spokesperson Tim Minton told CNN Business.
News of the ransomware incident came after a security flaw in widely used software across the internet, called Log4j, was made public late last week, opening the door in many companies' systems to hackers. Kronos has not confirmed that the ransomware attack is linked to the Log4j vulnerability and did not respond to CNN Business's request for comment on a possible connection.
A separate banner on Kronos' website, which was not part of the HR company's specific messaging on the ransomware attack, warned about the potential impact of the Log4j vulnerability and noted that the company had "invoked emergency patching processes" to address it.
In addition to the potential payroll issues, there's also data privacy concerns. The city of Cleveland said in a statement Monday that Kronos alerted it that sensitive information may have been compromised in the attack. Employee names, addresses and the last four digits of social security numbers may have been stolen by the hackers inside Kronos's network.
In an FAQ page on its site about the security incident, Kronos said its "investigation is ongoing, and we are working diligently to determine whether customer data has been compromised."
