Sainsbury’s Payroll Disrupted By US Ransomware Attack

Sainsbury’s has acknowledged it is one of the businesses hit by a ransomware attack on a major US provider of cloud payroll systems.

The supermarket chain lost a week’s worth of data for its 150,000 UK employees, The Mirror reported.

Companies such as Sainsbury’s rely on services from Ultimate Kronos Group (UKG), based in Lowell, Massachusetts and Weston, Florida, to log staff hours and calculate pay.

Sainsbury’s said staff would be paid before Christmas.

Payroll data

It said departments including payroll, human resources and accounting were using historical data and working patterns to ensure accurate and timely payment.

“We’re in close contact with Kronos while they investigate a systems issue,” Sainsbury’s said in a statement.

“In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay.”

Kronos acknowledged the ransomware attack last Monday, after noticing “unusual” activity the previous Saturday.

It said its systems could be down for several weeks and advised its customers to “evaluate and implement alternative business continuity protocols”.

Disruption

Kronos’ customers include the city of Cleveland, Ohio, New York City’s Metropolitan Transportation Authority (MTA), Tesla, MGM Resorts International, Whole Foods, Honda North America and hospitals across the US. Honda UK is reportedly not affected.

The attack affects Kronos Private Cloud, a cloud data storage offering for several of the company’s services, including UKG Workforce Central, used by employees to track hours and schedule shifts.

Kronos said after detecting the attack it took “immediate” action to investigate and mitigate the issue, alerted affected customers, informed authorities and is working with cybersecurity experts.

“We recognise the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services,” the company said.

In most cases staff can log hours using the offline Kronos timesheet system, but it is unclear when the systems will come back online.

Log4j vulnerability

The MTA said it had “complete confidence” staff would be paid for every hour worked.

The city of Cleveland said Kronos had alerted it last week that some sensitive data may additionally have been compromised, including staff names, addresses and the last four digits of social security numbers.

Kronos said in an FAQ page that it is “working diligently to determine whether customer data has been compromised”.

The incident occurred as organisations scrambled to patch a widespread security vulnerability known as Log4j.

Kronos said it had initiated a “rapid” patching process for Log4j and was still investigating whether the vulnerability had been used in the ransomware attack.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

SoftBank Promises To Invest $100bn In US

Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…

12 hours ago

Synopsys, SiMa.ai To Collaborate On AI Car Chips

Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…

12 hours ago

AI Start-Up Basis Raises $34m For Accountancy Agent

Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…

13 hours ago

Databricks Raises $10bn In Huge AI Funding Round

Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…

13 hours ago

Congo Files Complaints Against Apple Over Conflict Minerals

Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…

14 hours ago