Case Study: The 2021 Kronos Ransomware Attack and Its Aftermath

Timework Overview

In December 2021, Ultimate Kronos Group (UKG), a leading provider of workforce management solutions, experienced a significant ransomware attack that disrupted its Kronos Private Cloud services. This incident had widespread implications, affecting payroll and timekeeping systems for numerous organizations across the United States.

Timework takes a deeper dive into the lasting impact this security breach had on organizations, covering not only the financial implications but also the operational challenges it caused for employers and their employees.

Timework Key Events and Impact
  • Scope of Disruption: Approximately 8 million employees were impacted by the outage, including workers from major organizations such as FedEx, PepsiCo, Whole Foods, and public entities like the New York Metropolitan Transportation Authority and the City of Cleveland.
  • Timeframe of Outage: The ransomware attack disabled the Kronos Private Cloud services for weeks, beginning in mid-December 2021, with full restoration not achieved until late January 2022, an outage of 5+ weeks. Some clients were told there was no timeframe for restoring services and defaulted to manual, pen-and-paper processes to collect time.
  • Operational Challenges: Employers resorted to manual processes to track employee hours, leading to administrative burdens and potential inaccuracies. For instance, Cleveland established a "war room" to address payroll issues for its 8,000 employees.
  • Employee Compensation Issues: Many employees reported receiving incomplete paychecks, missing out on overtime and holiday pay. In some cases, pay was estimated based on previous periods, leading to underpayments.
Legal and Financial Repercussions
  • Class Action Lawsuits: Numerous lawsuits were filed against UKG and affected employers. For example, a class action against PepsiCo alleged failure to accurately track and compensate employees during the outage period.
  • Settlements:
    • UKG agreed to a settlement of up to $6 million to address claims related to the breach, including compensation for ordinary losses and identity theft.
      • UKG agreed to a $6 million settlement to resolve legal claims from affected employees.
      • Compensation included up to $500 per person for documented losses and up to $50 for time spent dealing with the breach.
    • Cargill settled a class-action suit for $2.4 million.
      • This settled suit addressed unpaid wages and overtime claims.
    • UMass Memorial Health agreed to a $1.2 million settlement for wage and hour claims stemming from the attack.
      • UMass Memorial Health, another client, reached a $1.2 million settlement over Fair Labor Standards Act (FLSA) violations due to underpayment during the outage.
Timework Conclusion

The 2021 Kronos ransomware attack disrupted payroll for over 8 million workers, cost UKG and its clients more than $9.6 million in settlements, and exposed major operational weaknesses in reliance on centralized timekeeping systems. The Kronos ransomware attack underscored the vulnerabilities inherent in centralized workforce management systems. The widespread disruption not only affected payroll operations but also led to significant legal and financial consequences for both UKG and its clients. This incident highlights the critical importance of robust cybersecurity measures and contingency planning to mitigate the risks associated with digital infrastructure dependencies.

 
