Kronos Ransomware Hack to Have Impact on Employers

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Ultimate Kronos Group (Kronos), one of the largest human resources companies, said in a Dec. 15 update that it experienced a ransomware attack that will potentially keep Kronos’s systems offline for weeks.

The attack on Kronos’ systems may also impact how many employees get paid and track their paid time off.

Employers that rely on the Kronos human resources software are working to find backup plans in order to ensure that their employees get paid. This includes some companies going as far as issuing paper checks as payment for the first time in years.

Kronos is widely used around the US by governments and businesses to track employees’ hours and issue payments. Its customers include municipal governments, universities, and large corporations, according to Kronos.

According to Kronos, the ransomware has only affected customers that used a specific product known as the Kronos Private Cloud.

Impacted Employers Included City Governments and Universities

Dozens of companies and government organizations announced during the week of Dec. 13 that they fell victim to the attack.

The hack also included scheduling products specifically designed for health care systems, financial institutions, and public safety employees.

On Dec. 13 and 14, employers around the country announced to their employees that they have been impacted by the attack.

The city of Cleveland also said in a statement on Dec. 13 that it was one of the employers who depend on the hacked Kronos software.

Some universities, including the University of Utah and George Washington University, also reported falling victim to the hack.

Impact on Employee Paychecks

The degree to which employees are impacted depends on how their employers used the Kronos software.

Employers that use Kronos for tracking employees’ shifts may have to ask workers to manually track it themselves, while employers that use Kronos for issuing paychecks may have to send out paper checks while the service is down, Kronos said.

The personal data and information that may have been potentially exposed in the hack depends on each company, university, or government agency.

Several companies said in statements to employees that they believe the most sensitive personal data (like Social Security numbers) have not yet been accessed. However, the city of Cleveland warned employees that the last four digits of their Social Security numbers could potentially be at risk.


The service could be out for “several weeks,” according to Kronos’ chief customer and strategy officer Bob Hughes.

However, because fixing the service could take long enough to significantly impact payroll and scheduling operations, Kronos has told employers to seek out “alternative business continuity protocols” while they continue working on a solution.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.

Leave a Comment