The defendants in this data breach case are UKG, Inc. and Kronos Incorporated, but the plaintiff and class members were employed by MaineHealth. It appears that MaineHealth used Kronos and/or UKG for various personnel purposes, and that the data breach caused the workers’ personally identifiable information (PII) to be accessed by unauthorized parties. The complaint alleges that defendants did not take adequate measures to protect the information.
The National Class for this action is all individuals whose PII was compromised as a result of the Kronos data breach announced by UKG and Kronos on or about December 11, 2021.
UKG (Ultimate Kronos Group) was formed by a merger between Kronos and Ultimate Software. The complaint alleges that MaineHealth, part of one of the largest healthcare systems in Maine, used the Kronos Private Cloud “to manage work schedules, track hours, and calculate paychecks.”
According to the complaint, the companies “fail[ed] to implement and maintain reasonable safeguards to protect” the information it had been entrusted with, and cybercriminals were able to carry out a ransomware attack on the Kronos server.
The complaint dates the data breach to December 11, 2021, and says the “Kronos Private Cloud was rendered unusable.”
It alleges that the incident exposed the PII of some eight million people. The information held in the system included names, addresses, Social Security numbers, and employee IDs. As a result, the complaint alleges that the employees now are at “an immediate and heightened risk of all manners of identity theft.”
The complaint alleges that the companies were aware of the risk of cyberattacks, which have been in the headlines in recent years. The companies claimed to provide adequate security protections for PII, the complaint alleges, but in reality did not. “Defendants negligently failed to take the necessary precautions required to safeguard and protect the PKK of Plaintiff and Class Members from unauthorized disclosure. Defendant[s’] actions represent a flagrant disregard of Plaintiff’s and the other Class Members’ rights, both as to privacy and property.
To make matters worse, the complaint alleges that the companies have not provided adequate compensation to the individual victims whose PII was stolen: “Defendants have not offered credit monitoring… Defendants have not offered class members any assistance in dealing with the IRS or state tax agencies. Nor have Defendants offered to reimburse Class Members for any costs incurred as a result of falsely filed tax returns, a likely consequence of the Data Breach.”
The causes of action include negligence, negligence per se, and invasion of privacy, among other things.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
UKG, Kronos Data Breach Complaint
June 16, 2022
The defendants in this data breach case are UKG, Inc. and Kronos Incorporated, but the plaintiff and class members were employed by MaineHealth. It appears that MaineHealth used Kronos and/or UKG for various personnel purposes, and that the data breach caused the workers’ personally identifiable information (PII) to be accessed by unauthorized parties. The complaint alleges that defendants did not take adequate measures to protect the information.
UKG, Kronos Data Breach ComplaintCase Event History
UKG, Kronos Data Breach Complaint
June 16, 2022
The defendants in this data breach case are UKG, Inc. and Kronos Incorporated, but the plaintiff and class members were employed by MaineHealth. It appears that MaineHealth used Kronos and/or UKG for various personnel purposes, and that the data breach caused the workers’ personally identifiable information (PII) to be accessed by unauthorized parties. The complaint alleges that defendants did not take adequate measures to protect the information.
UKG, Kronos Data Breach Complaint