Payroll software hit by hackers, will take weeks to fix

HR professionals in the US have lashed out after their payroll software was attacked by cyber criminals. 

The ransomware attack on payroll provider Ultimate Kronos could take weeks to fix. The company, which also has clients in the UK, has asked users to find other options to pay staff and manage time sheets.

The group, which also provides time-sheet software, said it became aware of a problem on Saturday and started to investigate. 

The issues meant customers were locked out of their accounts, which affected their employees’ pay. Kronos has around 4 million workers worldwide using its software.

Get our essential weekday HR news and updates. Email This field is for validation purposes and should be left unchanged. Work Email Keep up with the latest in HR... This field is hidden when viewing the form Optin_form This field is hidden when viewing the form Optin_date Year Month Day This field is hidden when viewing the form Batch_Newsletter

The company said it was“working with leading cyber-security experts to assess and resolve the situation,” 

HR staff lash out

On twitter, HR teams have voiced their concerns and frustration at not being able to pay staff and having to resort to tools such as MS Excel or payroll books.

Many have also commented on the timing, which means some employees will see a pay delay just before Christmas, when they would be buying presents and food ahead of the holidays. 

Others have called on Kronos to hire better paid and more experienced security staff, saying it is ‘inexcusable’ that healthcare staff in the US will not be paid because of the attack.

Jake Moore is the former Head of Digital Forensics at Dorset Police. He is now Global Cyber Security Advisor at cyber security specialists ESET. He  said:

 “At a terrible time of year for disruption to services, the impact to Kronos is tremendous. Holidays, bonuses and a limited workforce all make this attack all that much worse plus the knock on effect to other businesses will also be felt more than usual. 

He adds that it is now more important than ever to boost security systems. He comments that it is “shocking” that attacks of this nature are still happening with the same methods as years ago.

“When you hear of attacks forcing companies back to pen and paper for trivial tasks such as monitoring timekeeping, it is shocking to think we are heading into 2022 with the same attack vectors as we have seen for much of the last decade.”

Feyaza Khan

Website

Feyaza Khan has been a journalist for more than 20 years in print and broadcast. Her special interests include neurodiversity in the workplace, tech, diversity, trauma and wellbeing.

• Feyaza Khan

  

  Thursday, March 17, 2022

  Parents need to be paid enough to cover childcare costs
• Feyaza Khan

  

  Wednesday, March 16, 2022

  Wilko apologises for asking covid-positive staff to work
• Feyaza Khan

  

  Wednesday, March 16, 2022

  Tech is toxic, say the women who work in the industry
• Feyaza Khan

  

  Tuesday, March 15, 2022

  Wages not keeping up with rising inflation