IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Santa Fe, N.M., Keeping Employee Time After Ransomware Attack

The city of Santa Fe is using manual timekeeping methods for employees after a ransomware attack on Ultimate Kronos Group, the vendor that provides the city’s time-tracking system, officials have announced.

A lock formed from lines of red code on top of a silver file folder icon. The background is lines of black code against a white backdrop.
Shutterstock
(TNS) — The city of Santa Fe is using manual timekeeping methods for employees after a ransomware attack on Ultimate Kronos Group, the vendor that provides the city’s time-tracking system.

City spokesman Dave Herndon said the city was notified of the attack early Sunday, forcing officials to switch to manual timekeeping to track employee hours.

The city relies on Ultimate Kronos Group software to log and store the hours employees have worked, but until the issue is fixed, Herndon said, the city will use spreadsheets to track employee hours.

“Our payroll team worked diligently to adjust and our ITT Department continues to be in communication with [Ultimate Kronos Group] for any new information,” Herndon wrote in an email.

In a ransomeware attack, a hacker gains access to a computer system and encrypts important and valuable data before asking for a payment to unlock it.

According to a blog post from Executive Vice President Bob Hughes on the company’s website, Ultimate Kronos Group became aware of the attack Dec. 11 after noticing “unusual activity” surrounding the system that holds Kronos’ Workforce Central System data.

The company in an online statement said it was working with “leading cybersecurity experts” to help investigate the hack, and Hughes said it likely will take two weeks to restore the system.

Kronos, one of the world’s largest human resources firms, has a number of high-profile clients, including several city governments and large corporations such as Whole Foods, Staples and Tesla.

The company said it is unclear who is responsible for the attack or whether any sensitive data was stolen.

Herndon wrote in an email the city did not store any personal information on the system and only used Kronos for timekeeping, while using another program, Munis, for payroll processing.

Still, the city of Cleveland issued a statement shortly after the hack warning employees that personal data, including the last four digits of their Social Security numbers, could have been compromised.

It’s also unclear if the hack had anything to do with a glaring wide-scale cybersecurity vulnerability found last week called Log4jk. The flaw affects a widely used open-source software intended to allow companies to track how their systems are operating and find potential bugs.

The software has a flaw that allows a hacker to gain access to a device or system running it. Major tech companies including Google and IBM have been rushing to address the weakness.

Kronos mentions the vulnerability in a notification at the top of its website, but the company did not say whether it believes the two are connected.

© 2021 The Santa Fe New Mexican (Santa Fe, N.M.). Distributed by Tribune Content Agency, LLC.