Kronos is hit with ransomware. Things are not good

Multi-million dollar payroll company Kronos was hit with ransomware and, let’s just say, it is bad and rapidly going to worse. According to Kronos, they will be down for weeks. In addition:

It also involved a data breach. Think of all of the personal information your payroll company has.

Apparently no backups of data. Companies do not have schedules, times, etc.

Companies and Governments are having to scramble to have employees fill out old fashioned time cards so they can get paid. Yeah, it is the paying company’s responsibility to have had contingency plans. As per Kronos their clients should

evaluate and implement alternative business continuity protocols related to the affected UKG solutions.

My view is the same as Allan Liska (ransomware expert)

Some people on Twitter are blaming the small businesses, who are victims here, for not having a backup plan in place for payroll. I feel that’s crap; you are outsourcing your payroll to a company that is supposed to have contingency plans in place for you,

Some companies cannot do this in time to meet payroll because - as mentioned above - there is no backup of the data companies need to issue payroll. I question if some companies even have a payroll department if they farmed it out to Kronos.

Mrs. Cad was affected. Anyone else?
Will Kronos survive this? I can see lots of lawsuits and cancelled contracts for this.

Wow. Just in time for Christmas, too. My company used to use Kronos up until a couple years ago. Thank God we switched.

Christmas?! It may be more than that. The way they’re talking about how long it may take, employees may not get W2s at the end of January.

I hate to say it, but every time there is a story like this, my client base increases. My company does Flex plan administration.

I have stuck fast to a business model that keeps all private information off the internet, and I don’t offer web portals for submission of private health information. I don’t do debit cards and please only submit your claims via regular mail.

Thanks – I can sleep at night!

I think my company uses some sort of software with Kronos in the name for scheduling, but that seems to still be up. No idea what they use for payroll. I know they used to use ADP but honestly I haven’t checked for a while. With direct deposit it’s sort of out of sight, out of mind as long as the money keeps appearing in my checking account.

My personal contingency plan is 8 months of living expenses in my savings account so if my company’s payroll smashes into a brick wall I can still pay my rent, but I’m in the minority.

But yeah, a real fustercluck.

Looks like not having an IT department wasn’t such a terrific money saver after all.

I didn’t see a link in the OP; here’s a CNN article:

But the gyros is safe, right?

The company I work for started using Kronos earlier this year, but when the outage happened we were able to switch back to the in-house timekeeping system we were using beforehand and there hasn’t been any delay in payroll.

It’s always been dangerous to have all your eggs in one basket. So yes, I feel that the small businesses bear some blame for not asking both themselves and Kronos, “What could go wrong?”

Especially these days, when scarcely a week goes by without a new story of some company getting hacked or scammed.

Aye, when I first saw the thread I was concerned until I realized it was Kronos with a K and noted that it was in MPSIMS and not CS and thus likely didn’t involve Conrad Lant.

Phew!

I don’t know about that. From what I’ve seen of many IT departments, outsourcing incompetence is much the same as having your own in-house incompetence. No offense to some here who work in IT – there are a lot of good ones, too, but I’ve been saddened by much of what I’ve seen.

Maybe. What if they asked Kronos, “What happens if your server farm goes down?” and Kronos had (on paper) a full business continuity plan?

We use Kronos but got paid without issue.

If Kronos doesn’t survive, no one I know will shed any tears: it is universally hated.

The advantage Kronos has/had over our in-house timekeeping system was that we could put in time-off requests, vacation, and sick-pay hours from home or via the app rather than having to fill out a paper form at work, and if you needed to trade shifts with someone you could put the request out in the app rather than having to find people with compatible schedules and ask them in person. Also, whereas our old timekeeping system could only round employee punches in fifteen-minute intervals and you ran the risk of “quarter-punching” and getting credited for unearned time if you clocked out at the wrong point in that interval, Kronos rounds to three-minute intervals and makes the problem pretty much moot.

Other than that, it’s largely an annoyance compared to our old scheduling program; the AI seems to lack any understanding of state labor laws or our employee contract, and will often schedule cashiers for exactly long enough that the law requires them to take a lunch, or schedule someone to work until midnight one night and come back at 5:30 AM when the contract requires a minimum of 10 hours between shifts, or it’ll give us five cashiers up until 8 PM when four of them will all be off at the same time.

It certainly doesn’t help that the PY sales and schedules it’s supposed to be “learning” from came from a time when we were closed overnight due to panic-shopping and needing to clean and restock without the ravenous hordes clawing over our precious stores of toilet paper and ramen, and so it’s written several schedules where we had no cashiers on duty at all for stretches of an hour or more. Between myself, the other shift managers, and upper management, we’ve been able to fix a lot of those problems, but it seems like a lot more trouble than it’s worth.

Every job I’ve had since 1978 either punched the actual clock time or to two decimal places. How have things gone that far backwards?

The in-house timekeeping system I refer to is AS/400-based, and is what the company had been using since 1990 or so when they first computerized their timekeeping system. It doesn’t surprise me that it’s primitive. I’ve had jobs in the past where the time clock could track things up to a hundredth of an hour, but I suppose the company didn’t think it was worth it to upgrade to a more precise software until this year.

I think it just depends on who you’re working for and who’s taking care of payroll. At my mom and pop store, we’ve never outsourced payroll. Back when we had an actual, traditional punch clock the person doing payroll rounded each day to the nearest quarter hour. When I took over, I rounded each week to the nearest quarter hour. Now, we punch in and out with a badge on a clock that’s connected to my computer and every day is rounded to the nearest hundredth of an hour.

From the employer’s POV, that makes sense, but for the employee, I’m not sure getting paid for an unearned half of a quarter hour is viewed as a risk. In fact, back when we had an old punch clock, I’d see employees, when getting ready to leave, do the math in their head and decide if they wanted to punch out now or wait a few minutes and punch out knowing they’d get paid for an additional 7 minutes.

Anyway, back to the Kronos thing. Since we’ve never outsourced payroll, I don’t know the answer to this, but when people are blaming the businesses that used their services, what could they have done to mitigate this? Or what could they have done to ensure employees can continue to get paid and W-2s go out and everything happens smoothly and on time? ISTM, the more extensive the business’ contingency plan is, the less reason they have to outsource payroll.
And more importantly, how does Kronos not have their database backed up? If that’s true and not just a misunderstanding, I wonder how bad it’s going to hurt them. I’d assume it’s going to put them out of business since people are going to scramble to find other payroll companies to work with and may very well not return to a company that doesn’t back up their data or they’ll put in a “state of the art” system and procedures for backing up that will be impressive enough to bring people back.
In any case, I just can’t fathom why they wouldn’t back up. One possible reason could be that their backups are infected as well. My business has insurance for cyber-attacks. When I was chit-chatting with my agent, I mentioned my entire computer is backed up on the fly, plus my payroll/accounting software is backed up each day (in addition to the live backups) and all off site. He mentioned that something they’ve been seeing more and more of is ransomware that infects a system, but will lie dormant for weeks or months specifically to make sure it can quietly infect your backups as well.
I’ve always said that, in an extreme emergency, I can throw out my computer, buy a new one and be back to where I left off within a day or two. But if restoring my data from backups just reinfects the system, I’d be in a bit more trouble.*

*And that’s actually all the reason I need to continue with hard copies, stored in plastic bins for decades. I keep telling myself that all these things (i.e., weekly payroll tax confirmations, tax forms that are submitted online, etc.) that I print out, I should just save the PDF and get rid of all the paper, but this is a great example of why I shouldn’t do that.

As far as I know, it was all manual. Either way, my paycheck was always the exact total time in hours:minutes or hours/1/100ths, no rounding to a quarter or tenths.

My employer was affected. They are going to repeat the hours/paycheck from the last “good” week, which was Thanksgiving. Okay for those who worked a normal week, and the holiday pay, if they didn’t work on Thanksgiving, should be relatively easy to correct when it gets figured out. Bad for those who didn’t work a full week and are expecting 40 hour paychecks, and a mess for those who got paid 60 (worked the holiday) and will need to pay the extra money back sometime. They “should” have it fixed in a few weeks.

My wife made up a spreadsheet to track my hours/vacation/overtime/holiday pay. We’ll see how close to what my wife says I either get or owe the company compared to what my boss says. Trying to figure out payroll taxes for these adjusted paychecks is going to be a huge mess also.

My suggestion was to pay a standard 40 hour week and adjust from that. But what do I know?