Dive Brief:
- A New York City transit employee filed a lawsuit alleging the Metropolitan Transit Authority (MTA) improperly withheld overtime pay during a recent outage of payroll and timekeeping system Kronos.
- The putative collective action suit, filed Jan. 26 in the U.S. District Court for the Southern District of New York, claimed the MTA shifted to internal payroll practices when a ransomware attack took down the UKG system. Workers received their straight-time pay but the MTA "decided to arbitrarily withhold the earned overtime wages of its employees who were paid through Kronos' payroll processing services," the suit said, alleging a willful Fair Labor Standards Act violation.
- The lawsuit also claimed the problem, which began in mid-December, is not yet resolved and the MTA has not resumed using Kronos payroll services. "It is unknown when, if ever, Defendants will resume its reliance upon Kronos payroll services, and the FLSA Plaintiffs are just expected to wait for their earned overtime wages." An MTA spokesperson told HR Dive it does not comment on pending litigation.
Dive Insight:
As the extent of the Kronos ransomware attack comes into focus, companies are beginning to file breach notifications under state laws. Puma, for example, recently notified some workers that their personal information was compromised.
The Kronos outage impacted about 8 million total employees, NPR reports, including workers at FedEx, PepsiCo and Whole Foods.
The attack against Kronos Private Cloud follows a series of supply-chain cyberattacks that halted customer operations last year. A compromise of the Accellion FTA vulnerability resulted in a series of customer breaches, including Morgan Stanley, Goodwin Procter and Kroger.
Remote monitoring and endpoint management firm Kaseya had a prolonged outage following a ransomware attack. Recovery was delayed by the FBI's decisions to withhold a decryption key.
The fallout of cyberattacks can have real-world effects and, if recovery is drawn out, can run afoul of mandates outside of the data breach notification realm. The MTA suit, for example, points to U.S. Department of Labor regulations that generally require that workers' "overtime compensation earned in a particular workweek must be paid on the regular pay day for the period in which such workweek ends."
If the correct amount of overtime pay can’t be determined until after the regular pay period, employers are permitted to delay payment but no longer "than is reasonably necessary for the employer to compute and arrange for payment of the amount due and in no event may payment be delayed beyond the next payday after such computation can be made," the rules state.
It’s unclear whether the Kronos outage and employers’ responses will ultimately result in any wage and hour liability for employers, but experts who spoke to HR Dive at the time of the outage encouraged businesses to move quickly to avoid such issues.
While federal law may not set hard deadlines for pay, some states and cities do, experts said, suggesting employers that lost timekeeping data in the breach immediately ask employees to report their hours worked.