Kronos Payroll Provider Used By YU Suffers Ransomware Attack, Expecting ‘Several Weeks’ Unavailability

Kronos, a third-party payroll provider used by YU for its student and university employees, suffered a ransomware attack over the weekend on Dec. 11, according to a statement by UKG, the company controlling Kronos. The system is expected to be unavailable for several weeks.

In an email sent by Associate Dean of Students Sara Asher on Monday, Dec. 13, Chief Human Resources Officer Julia Auster noted that YU’s Kronos information does not contain employees’ Social Security numbers or dates of birth. YU has “no reason to believe confidential information of YU students or personnel would have been affected,” she said. Kronos is still unsure about the scope of the attack and what information was stolen.

“This affects everyone’s ability to access Kronos and record time,” Auster wrote. She explained that employees on the Dec. 10 bi-weekly payroll or Dec. 15 semi-monthly payroll should not be affected, but those under the Dec. 23 bi-weekly payroll may be. YU is currently in contact with Kronos and creating alternative plans to pay its employees while Kronos is unavailable. 

“Given that it may take up to several weeks to restore system availability, we strongly recommend that you evaluate and implement alternative business continuity protocols related to the affected UKG solutions,” the company statement said. UKG is expected to provide an update within the next day.

As of publication, Auster did not respond to The Commentator’s inquiries regarding the breach.

On Dec. 8, YU’s Information Technology Services (ITS) warned via email that “many” students were receiving “spam and phishing” emails that hackers use to “take advantage” of students. In a screenshot attached to ITS’ email, a student was offered $750 for a personal assistant position with instructions on how to proceed further. 

ITS instructed students to forward suspicious emails to abuse@yu.edu and avoid opening any attachments or links.

In April 2021, a different third-party provider used by YU was hacked in a more serious data breach. Hackers stole YU students’ and employees’ personal information, including Social Security numbers and home addresses, from Accellion Inc., a vendor that stored and transferred files for YU. Other universities were also impacted by the cyberattack, which held some universities’ information for ransom.

YU students were spammed with thousands of emails from hackers, and The Commentator confirmed that several students’ information was obtained through the attack and posted on the dark web. 

At the time, ITS said it was investigating the incident and would share future updates. The university did not communicate any updates to students since its initial April email.

Some students affected by the Kronos hack were disconcerted by the situation but appreciative of YU’s efforts to resolve the issue. “It’s nice to know that Yeshiva University is doing what they can to remedy the problem,” said Yoni Mayer (YC ‘23), a student assistant at the Mendel Gottesman Library. “However, as a student employee, it is concerning that there will be no way to record our hours for a significant time.”

In a statement sent to The Commentator, a UKG spokesperson said, “We recognize the seriousness of the issue and have mobilized all available resources to support our customers and are working diligently to restore the affected services.”

—

Photo Caption: Wilf Campus

Photo Credit: Yeshiva University