💰🗃️

Ultimate Kronos Group (UKG) Security Incident

11/12/2021 1410 days ago Resolved

Incident Overview

Situation Description

Ultimate Kronos Group (UKG) discovered a ransomware attack on one of their cloud-based time and attendance systems on December 11, 2021, leading to system outages and potential data exposure.

Event Types

Ransomware Data Breach

Industry Sector

Technology

Geographic Scope

nan

Response Actions

Restored Systems from Secure Backups Enhanced Third-Party & Supply Chain Risk Management

Impact Analysis

Event Types (2 identified)

Ransomware Data Breach

Financial Impact

$0 USD

Records Affected

Data Types Compromised

PII (Personally Identifiable Information) Credentials

Primary Impacts

Operational Disruption Data Exposure Financial Loss Legal/Regulatory Penalties

Key Decisions Made

Employers should ask third-party vendors about their regular security assessments.; Employers should ensure third-party vendors have written security policies and procedures for data breaches.; Employers should choose vendors with high-level security certifications like SOC 2 or PCI-DSS.

Technical Analysis

Attack Method

Unknown

Additional Information

Newsletter Articles May 5, 2022 BEWARE OF PAYROLL SOFTWARE HACKS! By Gardner Skelton Cyber-attacks are becoming more common as employers depend on new technology. Without the proper protections in place, employers could be faced with massive lawsuits. On December 11, 2021, Ultimate Kronos Group (UKG), a Florida-based HR management software company, discovered a ransomware attack on one of their cloud-based time and attendance systems. The hack resulted in outages across the system for weeks, affecting over 2000 companies, from hospitals to government agencies. The data breach forced employers to manually track employee time and caused difficulties managing end-of-year vacations and payroll and bonus calculations. Although UKG restored most system capabilities within about six weeks, concerns remained over whether the breach left employee information exposed and whether some employers had violated the Fair Labor Standards Act (FLSA). Since January 19, 2022 lawsuits have been filed against employers in connection with the security breach. The employees claims vary from recouping back wages and overtime pay (due to unrecorded working hours during the breach and the additional time employees spent tracking their hours) to security-based claims over the employers failure to adequately protect employees private information, such as their social security numbers. What can employers do to protect themselves in the event their third-party vendor is hacked? Employers faced with potential claims arising out of their third party vendors security breach may have a good faith defense if they take certain measures to ensure the security of third party vendors. To help minimize risk, employers should: Ask their third party vendors whether they conduct regular security assessments. Security assessments should, at minimum, identify potential risks, estimate the likelihood and potential impact of those risks, and implement specific protections against t hose risks. Make sure...

... (truncated for display)

Quick Facts

Company:: Ultimate Kronos Group (UKG)
Date:: 11/12/2021
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 5/05/2022

Source Information

Original Query

UKG Kronos ransomware attack customer compensation and class action lawsuits

View Original Source

Timeline

Information Published

5/05/2022

Incident Occurred

11/12/2021 (1410 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats