fbpx

UKG Data Breach and Shutdown of Payroll System Class Action

UKG, Inc. offers workforce management software. In this role, says the complaint for this class action, it collects data on workers for companies like PepsiCo, Tesla, GameStop, the University of California, and healthcare organizations. The complaint alleges UKG failed to put in place adequate safeguards to protect the information it held in its systems, leading to a data breach that began in December 2021.

UKG stands for Ultimate Kronos Group. The attack on the company came in the form of a ransomware attack on Kronos Private Cloud, the company’s timekeeping system. The attack exposed the information of millions of employees, the complaint alleges, and “also crippled timekeeping and payroll systems, resulting in workers not being paid, being paid late, or being paid incorrectly.”

The attack began on or around December 11, 2021. Two days later, the complaint alleges, UKG made an announcement about the data breach, saying that it might take as long as several weeks to restore its systems. While the company made further announcements in the following months, the complaint alleges that the company continued to say the investigation was “ongoing” and claims, “To date, UKG has not confirmed what information was stolen.”

The plaintiff in this case, Adam Bente, is employed by Family Health Centers of San Diego (FHCSD), a nonprofit healthcare provider for whom UKG handles payroll. Because of the shutdown of UKG’s payroll services, the complaint alleges, “All [FHCSD] employees were forced to find alternative sources of income to pay their bills, mortgages, and necessities, … during the midst of the holiday season.”

The complaint alleges, “In addition to their paychecks being affected, [Bente’s] and all FDCSD employees’ sensitive and confidential PII was obtained by unauthorized hackers and sold on the dark web.” Among other things, the complaint alleges that Bente received a notice from his credit card company saying that his Social Security number had been found on the dark web.

The complaint says that the FBI has created a document entitled How to Protect Your Networks from Ransomware. Although ransomware attacks are frequent, the complaint claims the document says that “there are very effective prevention and response actions that can significantly mitigate the risks.”

The complaint asserts, “UKG could have prevented the data breach by properly utilizing best practices as advised by the federal government.” It claims, “UKG has the resources to prevent a breach, but neglected to adequately invest in data security, despite the growing number of well-publicized breaches.”

Two classes and two subclasses have been proposed for this action:

  • The Nationwide Data Breach Class is all US citizens whose personal information was exposed in the Kronos data breach.
  • The Nationwide Payroll Class is all US citizens whose paychecks were paid late, inaccurately, or not at all as a result of the Kronos data breach.
  • The California Data Breach Subclass and California Payroll Subclass are those in the above classes who are California residents.
Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

UKG Data Breach and Shutdown of Payroll System Complaint

March 4, 2022

UKG, Inc. offers workforce management software. In this role, says the complaint for this class action, it collects data on workers for companies like PepsiCo, Tesla, GameStop, the University of California, and healthcare organizations. The complaint alleges UKG failed to put in place adequate safeguards to protect the information it held in its systems, leading to a data breach that began in December 2021.

UKG Data Breach and Shutdown of Payroll System Complaint

Case Event History

UKG Data Breach and Shutdown of Payroll System Complaint

March 4, 2022

UKG, Inc. offers workforce management software. In this role, says the complaint for this class action, it collects data on workers for companies like PepsiCo, Tesla, GameStop, the University of California, and healthcare organizations. The complaint alleges UKG failed to put in place adequate safeguards to protect the information it held in its systems, leading to a data breach that began in December 2021.

UKG Data Breach and Shutdown of Payroll System Complaint
Tags: Exposing Private Information, Exposure to cyber crime, Failure to Pay Wages on Time, Your Privacy