SHRM: Concerns Linger Following UKG Ransomware Attack

On February 1, 2022, Nabil Hannan was featured in SHRM’s article on the UKG ransomware attack. Preview the article below, or read the full article online here. 

+ + +

Along ordeal for customers of Ultimate Kronos Group (UKG) is nearing an end. The vendor has restored its time-keeping and payroll services after a ransomware attack disrupted the lives of thousands of HR professionals and employees alike.

But experts say fallout from the attack will continue, given that some customer data was stolen, companies will have to transition manual records back into UKG systems and shaken clients are questioning their future with the vendor.

In a public update on Jan. 22, UKG said it had restored core time, scheduling and payroll capabilities to all customers impacted by the ransomware attack on its Kronos Private Cloud system. The statement said UKG is now focused on the “restoration of supplemental features and nonproduction environments” and is offering video-based recovery guides to help customers reconcile their data.

The outage—which lasted more than a month for many UKG clients—forced thousands of organizations to scramble to create manual workarounds. It happened during a particularly challenging time of year; employers had to find ways to pay workers holiday pay and overtime as employees worked extra shifts to cover staff shortages caused by the omicron variant of the coronavirus and ongoing resignations.

UKG and companies using its services may be facing legal action. “Unfortunately, some customer data was stolen in the attacks and that creates a secondary concern for UKG and its clients,” said Allie Mellen, a security and risk analyst with research and advisory firm Forrester. UKG confirmed in its latest public statement that the personal data of at least two of its customers had been “exfiltrated” or breached.

…..

Cautionary Tale for HR Tech Vendors

HR technology analysts say vendors and their clients should brace themselves for similar attacks as more hackers train their sights on sensitive employee data rather than customer data.

“The reality is we’re going to see more of these attacks,” said Trevor White, a research manager specializing in HCM technologies with Nucleus Research in Boston. “The question for HR vendors is how they’ll limit disruption to their customers as they go about solving problems related to ransomware and other cyberattacks. Unless you pay the ransom, these things can take weeks to solve.”

Nabil Hannan, managing director for NetSPI, an enterprise security testing and vulnerability management firm in Minneapolis, said too many organizations still focus on protecting customer data at the expense of securing employee data.

“Hackers are getting more creative and focusing more of their efforts on finding ways to lock up systems that on their face may not seem as critical but that have far-reaching impacts, like HR data,” Hannan said.