Sainsbury’s payroll system provider, US-based Kronos, has been hit by a cyber-attack, impacting nearly 150,000 employees.
The Mirror reported that Kronos was targeted on Saturday last week, which caused the supermarket to lose a week’s worth of data. However, despite the data loss, Sainsbury has promised that its 150,000 employees would be paid before Christmas.
Sainsbury's is among leading firms in the UK and US and relies on Kronos to log, store and process the 'hours' employees have worked on their systems to calculate their monthly payments.
Following the cyber-attack, multiple departments involved in payroll including payroll, human resources (HR), and accounting are now using historical data to ensure workers are paid the correct amount, including the overtime that is common during the festive season.
A Sainsbury's spokeswoman said: "We're in close contact with Kronos while they investigate a systems issue. In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay."
Kronos, run by the Ultimate Kronos Group (UKG) company, from Massachusetts, supplies a range of cloud payroll services, including an automated payment system used by firms around the globe. The payroll provider has announced that some of its services will be offline for weeks following the ransomware attack.
The sector which is severely affected by the UKG ransomware attack within public finance is healthcare, where Kronos’ payroll and workforce solutions systems have been popular. The ransomware attack should not affect clinical outcomes or add meaningful costs, except for some added expenses activating contingencies to track hours and pay employees.
According to CNN, many sectors have shifted to paper checks, while others are still finding ways to access their payroll systems. In most cases, however, the offline Kronos timesheet system is still working and firms can keep using it for the time being.
“Data is no longer a commodity, it’s a currency — as this incident represents. Information within an organization’s network is valuable to both businesses and attackers. With a majority of the world’s data residing in the cloud, it is imperative that organizations become cloud-native when thinking about data protection,” Amit Shaked, Co-Founder & CEO of Laminar, stated.
