Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Businesses

A Month After Ransomware Attack, Hundreds of Workers Are Still Owed Pay (nbcnews.com) 40

NBC News tells the story of Rich, a Coca-Cola delivery driver who didn't get a paycheck at Christmas because of a ransomware attack on the payroll company serving Coke's largest distributor.

But then "more than a month after hackers crippled Kronos," paychecks to its employees in Indiana, Ohio and West Virginia "have been sporadic, according to union representatives." Rich, who asked not to be identified by his last name for fear of retaliation from his employer, is among hundreds of workers who deliver Coke products in at least three states who say they're still owed wages — fallout from one of the many ransomware attacks that hit U.S. companies practically every day. Rich, a father of three, said he's had to dip into his savings, which have dwindled down in recent weeks. "They went from $1,100, $1,200 a week to $300, $600," he said of his paychecks. "I got one $300 paycheck, and I called and told them exactly what I needed paid, and they sent me a $46 check...."

"We've got 130 people and they've all got problems," said Max Zemla, the president of the Cleveland-area Teamsters Local 293. "Some are telling me they're not as bad off. I have a guy who's off a thousand dollars. Uses his money for his kid's tuition for school, and he's not able to pay it...."

"The timekeeping vendor Kronos that suffered the attack is in the process of coming back online," [said Josh Gelinas, Coca-Cola Consolidated's vice president of communications February 1st] in an emailed statement. "But, until these digital systems are fully restored, we must continue manually recording work hours for thousands of our teammates. This process is taking longer than we would like and may have resulted in some inconsistencies, but our teammates will be paid for every hour they've worked...."

[NBC reports that a spokesperson for Kronos "noted that the company announced on Jan. 22 that it had finally restored all its services."]

Jeff Combs, the secretary treasurer of Teamsters Local 135 in Indianapolis, said the vast majority of the roughly 200 Coca-Cola Consolidated employees he represents are still owed pay. "Some are still owed as high as $4,700," Combs said.

Rich complains to NBC News that "now my savings have dwindled down because a billion-dollar company can't give you an average paycheck." But it shows ransomware's effects ultimately reach farther than we realize. "It's often assumed that ransomware mainly affects governments and major corporations because it's those incidents that make the news," a ransomware analyst at Emsisoft tells NBC News.

"The reality, however, is that more than half of all ransomware victims are small businesses and individuals. And, unfortunately, they are usually not as well prepared to deal with the problem as larger organizations and probably feel more pain as a result."
This discussion has been archived. No new comments can be posted.

A Month After Ransomware Attack, Hundreds of Workers Are Still Owed Pay

Comments Filter:
  • Rich is wrong. (Score:2, Informative)

    I'm not sure why he thinks he works for Coca-Cola (the billion dollar company) when he actually works for a distributor. Coca-Cola isn't responsible for paying him and his Teamster's representative should not have to explain that to him.

    • by deKernel ( 65640 )

      I came here to say this exact thing, but you beat me to the punch.

    • They carry the name "Coca-Cola", so the buck stops at the top. You have to go where the money is, and make it their problem for a swift solution

    • Re:Rich is wrong. (Score:5, Informative)

      by sjames ( 1099 ) on Sunday February 06, 2022 @05:41PM (#62244159) Homepage Journal

      It seems you are confused. Where did you get the idea that Rich is at all confused about who he works for?

      He works for Coca Cola Consolidated, identified in TFA as the largest Coca Cola distributor. He delivers Coca Cola.

    • You are wrong. Where did you get the idea he thinks he works for Coca-Cola?
    • If you really dig into it, there's a non-zero chance his w2 says he works for kronos.

  • "The timekeeping vendor Kronos" find a new vendor! If the companies Security Policy including their recovery plan is this bad or non existent the company screwed the pooch.
  • by oldgraybeard ( 2939809 ) on Sunday February 06, 2022 @05:32PM (#62244135)
    The Distributors CEO, etc and IT related C-Suite employees all failed their jobs. Wonder if any of them are still waiting for paychecks?
  • by hdyoung ( 5182939 ) on Sunday February 06, 2022 @05:33PM (#62244145)
    paying timely wages. They’re responsible for their IT infrastructure. It’s ALL on them. This isnt supposed to happen in the US. Our capitalist system has shaved lower-middle-class pay so close to the bone that missing a single month paycheck can put a lot of families over the edge. Fine - I understand the advantages of efficiency, but in those circumstances companies MUST PAY ON TIME. If this goes on much further, employees should find another job and sue for wage theft. Blue collar workers are in red hot demand right now, and American courts are actually pretty brutal on employers that don’t pay their employees what they earned.
    • by grasshoppa ( 657393 ) on Sunday February 06, 2022 @06:23PM (#62244269) Homepage

      Failure to pay in a timely manner is illegal in most states; I'd be interested in hearing why legal action hasn't yet been pursued.

      Regardless, if we're talking about an almost 2 month disruption due to malware, that's not normal disruption; that's not even normal incompetence. This is IT maleficence. Not the line level folks, but the directors, the VPs. They were told what would be needed to ensure close to 24/7 uptime and they chose not to do it.

      I bet they haven't missed a cent of their pay.

      • by taustin ( 171655 ) on Sunday February 06, 2022 @06:38PM (#62244325) Homepage Journal

        Failure to pay in a timely manner is illegal in most states

        It's illegal in all states and territories, being a violation of federal labor law.

        It's more illegal in many states, and two months is bordering on criminal in some.

        • It is illegal. It happens not just in the US, but worldwide.

          But because it's a "white collar crime", in other words, committed by Billionaires, not ordinary people, the punishment is a slap on the wrist. Perhaps they will be made to apologise and promise, don't do it again.

          (I know, small fish do it too, they get "grandfathered in", because, small business economy, etc).

          Now, if a few big fish started to go to jail, THEN, wage theft might start to slow down a little. It'll never be eliminated.

        • by DarkOx ( 621550 )

          I said this when the story first broke and its even more egregious now.

          I don't care about the security/recovery/redundancy choices at Kronos. "Accept the risk" is a fine and perfectly legitimate approach - provide you accept and are willing to bear the consequences if your bet against X,Y,Z happening goes against you.

          This goes for the companies that decided to throw payroll processing over the wall and outsource it. They too should have had a plan to get proper compensation owed to employees out on time ev

  • by 93 Escort Wagon ( 326346 ) on Sunday February 06, 2022 @05:34PM (#62244147)

    Nice to see that Jeff Combs was able to land a good gig after the Star Trek stuff wrapped up.

  • This is so wrong (Score:4, Insightful)

    by battingly ( 5065477 ) on Sunday February 06, 2022 @05:48PM (#62244181)
    He has to fear retaliation for simply reporting that he hasn't been paid?
    • It's not so much "wrong" as much as the downside of a good design. It's a "at will" concept and cuts both ways.

      I know a company that just did a reorg and restructuring. In two months, 4/5 members of their dev and maintenance team left. Ops for those tools have come to a halt. Company is shocked but odd they didn't expect this if they basically blocked good raises for that group while they can get better offers outside.

      I say better design because the law can't really protect you from retaliation (also, the

    • No one likes to be told or shown that they made a mistake or have a problem. I personally HATE inconveniencing someone by being incompetent or dropping the ball due to outside circumstances. Even if it isn't my fault directly, if I am responsible for something I ultimately am to blame if something is wrong. But I would rather know about the problem so I could move heaven and earth to fix it and then make things right for those I have wronged.

      If it was their fault directly, or their fault by being the respon

  • Furthermore, they caused Cpt. Sulu's tea to spill.

  • "The timekeeping vendor Kronos that suffered the attack is in the process of coming back online," [said Josh Gelinas, Coca-Cola Consolidated's vice president of communications February 1st] in an emailed statement. "But, until these digital systems are fully restored, we must continue manually recording work hours for thousands of our teammates. This process is taking longer than we would like and may have resulted in some inconsistencies, but our teammates will be paid for every hour they've worked...."

    I remember when this was a physical card that got clock stamped and put in a rack with the other.

    • New and Modern does not mean it is better. Often technology just adds more single points of failure/illegal entry. The Cloud "Is" Secure! well until it isn't.
    • That timecard was then collected by payroll. The time was added up on a "calculator", and multiplied by the hourly wage. This was then entered into a large book with lots of lines called a ledger. The payroll employee then wrote out a check to the employee in the correct amount, and stamped it with the CFO's signature.

      But this is the 21st century, and that calculator does ALL the work now.
  • auto deducts the wages immediately from the Distributors bank account. The distributor is out their money and their employees did not get paid. The distributor is also out all the payroll taxes owed because Kronos probably pays the government their cut also. And when the government comes knocking their not going to Kronos they are going direct to the distributor. This business will pay a price for choosing the wrong payroll cloud service vendor. Who falsely advertised secure cloud payroll services.
    • by MeNeXT ( 200840 )

      The withdrawal happens after the payroll is calculated. If they can calculate the payroll to make the withdrawal, then they can easily make the payment to the employees. It seems to me that they weren't adequately backedup to completely recover and they are now manually recreating the registers.

      Most never test back up recovery until some emergency. Some are lucky and everything works. The horror stories we hear about are those that never tested and unlucky. I bet Kronos had no contingency plan on recovery f

  • One of the biggest golden rules I had hammered into me by business owners and managers over the years is DO NOT FUCK WITH PEOPLES PAY. PAY IT ON TIME EVERY TIME AND PAY IT CORRECTLY

  • According to a July 31, 2018 report by the Standing Senate Committee on National Finance, which was chaired by Senator Percy Mockler, the Phoenix system was an "international embarrassment". It had "failed to properly pay nearly half of Canada's workforce of public servants, representing 153,000 people. MULTI YEAR FAILURE!!!
  • While it isn't always practical to kill the perps that should not be off the table.

    Humans only respect credible threats and exemplary application of brutality, so brutal options should always be in the toolbox. What we have the power to do should not know "moral" restraint against enemies outside morality for in their case conventional morality is weakness. Laws exist to manage beasts and when they become an impediment should be selectively discarded. Only victory matters, not enemy lives.

    • While it isn't always practical to kill the perps that should not be off the table.

      The criminals responsible for not paying the employees are the executives of the company. It's their responsibility to come up with an alternate system of paying wages in a timely fashion. It's outright illegal not to pay wages, and it's generally illegal to fire employees for complaining, stating that they will file a complaint, or filing a complaint with their labor board.

      I think killing the execs is a little extreme, let's just seize their assets.

  • by geekmux ( 1040042 ) on Monday February 07, 2022 @03:44AM (#62245197)

    "The reality, however, is that more than half of all ransomware victims are small businesses and individuals. And, unfortunately, they are usually not as well prepared to deal with the problem as larger organizations..."

    While this statement may be true, it's reduced down to little more than a bullshit excuse when speaking about companies like Coca-Cola and UKG (makers of Kronos timekeeping)

    UKG is not a "small" business by any definition. Hell, if ADP were "Coke", they are "Pepsi" in this space, so here's a relevant question a month later when companies are still managing payroll manually; how many UKG executives went without a paycheck, or is this when one of the world's largest "dog food" providers is forced to admit they don't eat their own dog food...

  • A leader would just average the three last months and pay this per default until the systems are back online and the backlog can be worked.

    At least I would do that. But then again, it isn't news that my asperger ass is too pragmatic and not sociopathic enough to be in management.

    What I do not understand is how a whole citizenship has been tamed and trained to take this without doing more than complaining.

    Granted, I am currently looking for a job bfrom the foundation of ongoing employment in a dried up marke

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...