Ultimate Kronos Group, a human resources company that provides timekeeping services, notified Dallas officials this week that it was the subject of a recent ransomware attack affecting 2,411 of the city’s hourly employees.
Kronos, one of the largest Human Resources companies, publicly disclosed details of the attack on Monday, Dec. 13, in a statement on its website
. The HR company sports a hefty list of employers, such as the city of Cleveland, New York’s Metropolitan Transportation Authority, Tesla, MGM resorts and, apparently, Dallas. Dallas employs about 13,000 people.
Speaking by phone, Page Jones, a spokesperson for the city, said, “We are working to ensure that all those workers get their paychecks as close to accurately as possible.”
On Monday, Dallas’ Chief Financial Officer M. Elizabeth Reich detailed how the attack would affect the city.
Kronos initially believed it would only take days to get the system up and running again, but the company has since indicated it could take weeks, according to the memo.
“If UKG Kronos is unable to restore access by this Wednesday, Dec. 15, 2021, we will implement contingency procedures to ensure the city’s 2,411 Kronos timekeeping-based employees receive a paycheck that is as accurate as possible, with any reconciliation occurring as soon as possible thereafter,” the memo said.
The memo further states that the city only uses Kronos to track hours, which are then loaded into Dallas’ payroll system. Because of this, no personal or identifying information or banking information was involved in the attack, according to the city.
Not everyone was so lucky. On Monday, the city of Cleveland said in a statement
that sensitive information may have been accessed during the attack. This could include employee names, addresses and the last four digits of their Social Security numbers.
The Dallas memo said, “We apologize for any inconvenience that this may cause employees and appreciate your patience and forbearance as we work through this together as a team.”
Bob Hughes, the executive vice president of Kronos, posted a statement about the attack to the company’s website on Monday.
It said that late on Saturday, Dec. 11, “unusual activity” was affecting UKG systems using the Kronos Private Cloud.
“We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud — the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed,” Hughes said in the statement. He added that they aren’t aware of impacts to any of the company’s other systems.
Shannon Medical Center in San Angelo and the Fort Worth Independent School District have also been affected.