City Hall

Ransomware Attack Affects More Than 2,400 City of Dallas Employees

Ransomware attacks have targeted Dallas and other Texas cities in recent years
Ransomware attacks have targeted Dallas and other Texas cities in recent years Alan Botting, CC BY-SA 2.0, via Wikimedia Commons
Ultimate Kronos Group, a human resources company that provides timekeeping services, notified Dallas officials this week that it was the subject of a recent ransomware attack affecting 2,411 of the city’s hourly employees.

Kronos, one of the largest Human Resources companies, publicly disclosed details of the attack on Monday, Dec. 13, in a statement on its website. The HR company sports a hefty list of employers, such as the city of Cleveland, New York’s Metropolitan Transportation Authority, Tesla, MGM resorts and, apparently, Dallas. Dallas employs about 13,000 people.

Speaking by phone, Page Jones, a spokesperson for the city, said, “We are working to ensure that all those workers get their paychecks as close to accurately as possible.”

On Monday, Dallas’ Chief Financial Officer M. Elizabeth Reich detailed how the attack would affect the city.

Kronos initially believed it would only take days to get the system up and running again, but the company has since indicated it could take weeks, according to the memo.

“If UKG Kronos is unable to restore access by this Wednesday, Dec. 15, 2021, we will implement contingency procedures to ensure the city’s 2,411 Kronos timekeeping-based employees receive a paycheck that is as accurate as possible, with any reconciliation occurring as soon as possible thereafter,” the memo said.

The memo further states that the city only uses Kronos to track hours, which are then loaded into Dallas’ payroll system. Because of this, no personal or identifying information or banking information was involved in the attack, according to the city.

Not everyone was so lucky. On Monday, the city of Cleveland said in a statement that sensitive information may have been accessed during the attack. This could include employee names, addresses and the last four digits of their Social Security numbers.

The Dallas memo said, “We apologize for any inconvenience that this may cause employees and appreciate your patience and forbearance as we work through this together as a team.”

Bob Hughes, the executive vice president of Kronos, posted a statement about the attack to the company’s website on Monday.

It said that late on Saturday, Dec. 11, “unusual activity” was affecting UKG systems using the Kronos Private Cloud.

“We took immediate action to investigate and mitigate the issue, and have determined that this is a ransomware incident affecting the Kronos Private Cloud — the portion of our business where UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed,” Hughes said in the statement. He added that they aren’t aware of impacts to any of the company’s other systems.

Shannon Medical Center in San Angelo and the Fort Worth Independent School District have also been affected.
KEEP THE DALLAS OBSERVER FREE... Since we started the Dallas Observer, it has been defined as the free, independent voice of Dallas, and we'd like to keep it that way. With local media under siege, it's more important than ever for us to rally support behind funding our local journalism. You can help by participating in our "I Support" program, allowing us to keep offering readers access to our incisive coverage of local news, food and culture with no paywalls.
Jacob Vaughn, a former Brookhaven College journalism student, has written for the Observer since 2018, first as clubs editor. More recently, he's been in the news section as a staff writer covering City Hall, the Dallas Police Department and whatever else editors throw his way.
Contact: Jacob Vaughn