Security Businesses

A Month After Ransomware Attack, Hundreds of Workers Are Still Owed Pay (nbcnews.com) 40

NBC News tells the story of Rich, a Coca-Cola delivery driver who didn't get a paycheck at Christmas because of a ransomware attack on the payroll company serving Coke's largest distributor.

But then "more than a month after hackers crippled Kronos," paychecks to its employees in Indiana, Ohio and West Virginia "have been sporadic, according to union representatives." Rich, who asked not to be identified by his last name for fear of retaliation from his employer, is among hundreds of workers who deliver Coke products in at least three states who say they're still owed wages — fallout from one of the many ransomware attacks that hit U.S. companies practically every day. Rich, a father of three, said he's had to dip into his savings, which have dwindled down in recent weeks. "They went from $1,100, $1,200 a week to $300, $600," he said of his paychecks. "I got one $300 paycheck, and I called and told them exactly what I needed paid, and they sent me a $46 check...."

"We've got 130 people and they've all got problems," said Max Zemla, the president of the Cleveland-area Teamsters Local 293. "Some are telling me they're not as bad off. I have a guy who's off a thousand dollars. Uses his money for his kid's tuition for school, and he's not able to pay it...."

"The timekeeping vendor Kronos that suffered the attack is in the process of coming back online," [said Josh Gelinas, Coca-Cola Consolidated's vice president of communications February 1st] in an emailed statement. "But, until these digital systems are fully restored, we must continue manually recording work hours for thousands of our teammates. This process is taking longer than we would like and may have resulted in some inconsistencies, but our teammates will be paid for every hour they've worked...."

[NBC reports that a spokesperson for Kronos "noted that the company announced on Jan. 22 that it had finally restored all its services."]

Jeff Combs, the secretary treasurer of Teamsters Local 135 in Indianapolis, said the vast majority of the roughly 200 Coca-Cola Consolidated employees he represents are still owed pay. "Some are still owed as high as $4,700," Combs said.

Rich complains to NBC News that "now my savings have dwindled down because a billion-dollar company can't give you an average paycheck." But it shows ransomware's effects ultimately reach farther than we realize. "It's often assumed that ransomware mainly affects governments and major corporations because it's those incidents that make the news," a ransomware analyst at Emsisoft tells NBC News.

"The reality, however, is that more than half of all ransomware victims are small businesses and individuals. And, unfortunately, they are usually not as well prepared to deal with the problem as larger organizations and probably feel more pain as a result."

  • Rich is wrong. (Score:2, Informative)

    I'm not sure why he thinks he works for Coca-Cola (the billion dollar company) when he actually works for a distributor. Coca-Cola isn't responsible for paying him and his Teamster's representative should not have to explain that to him.

    • by deKernel ( 65640 )

      I came here to say this exact thing, but you beat me to the punch.

    • They carry the name "Coca-Cola", so the buck stops at the top. You have to go where the money is, and make it their problem for a swift solution

    • Re:Rich is wrong. (Score:5, Informative)

      by sjames ( 1099 ) on Sunday February 06, 2022 @06:41PM (#62244159) Homepage Journal

      It seems you are confused. Where did you get the idea that Rich is at all confused about who he works for?

      He works for Coca Cola Consolidated, identified in TFA as the largest Coca Cola distributor. He delivers Coca Cola.

    • You are wrong. Where did you get the idea he thinks he works for Coca-Cola?
    • If you really dig into it, there's a non-zero chance his W-2 says he works for Kronos.

  • "The timekeeping vendor Kronos": find a new vendor! If the company's security policy, including their recovery plan, is this bad or nonexistent, the company screwed the pooch.
  • by oldgraybeard ( 2939809 ) on Sunday February 06, 2022 @06:32PM (#62244135)
    The distributor's CEO, etc., and IT-related C-suite employees all failed their jobs. Wonder if any of them are still waiting for paychecks?
  • by hdyoung ( 5182939 ) on Sunday February 06, 2022 @06:33PM (#62244145)
    paying timely wages. They’re responsible for their IT infrastructure. It’s ALL on them. This isn’t supposed to happen in the US. Our capitalist system has shaved lower-middle-class pay so close to the bone that missing a single month paycheck can put a lot of families over the edge. Fine - I understand the advantages of efficiency, but in those circumstances companies MUST PAY ON TIME. If this goes on much further, employees should find another job and sue for wage theft. Blue collar workers are in red hot demand right now, and American courts are actually pretty brutal on employers that don’t pay their employees what they earned.
    • by grasshoppa ( 657393 ) on Sunday February 06, 2022 @07:23PM (#62244269) Homepage

      Failure to pay in a timely manner is illegal in most states; I'd be interested in hearing why legal action hasn't yet been pursued.

      Regardless, if we're talking about an almost 2 month disruption due to malware, that's not normal disruption; that's not even normal incompetence. This is IT maleficence. Not the line level folks, but the directors, the VPs. They were told what would be needed to ensure close to 24/7 uptime and they chose not to do it.

      I bet they haven't missed a cent of their pay.

      • by taustin ( 171655 ) on Sunday February 06, 2022 @07:38PM (#62244325) Homepage Journal

        Failure to pay in a timely manner is illegal in most states

        It's illegal in all states and territories, being a violation of federal labor law.

        It's more illegal in many states, and two months is bordering on criminal in some.

        • It is illegal. It happens not just in the US, but worldwide.

          But because it's a "white collar crime", in other words, committed by Billionaires, not ordinary people, the punishment is a slap on the wrist. Perhaps they will be made to apologise and promise, don't do it again.

          (I know, small fish do it too, they get "grandfathered in", because, small business economy, etc).

          Now, if a few big fish started to go to jail, THEN, wage theft might start to slow down a little. It'll never be eliminated.

        • by DarkOx ( 621550 )

          I said this when the story first broke and it's even more egregious now.

          I don't care about the security/recovery/redundancy choices at Kronos. "Accept the risk" is a fine and perfectly legitimate approach - provided you accept and are willing to bear the consequences if your bet against X,Y,Z happening goes against you.

          This goes for the companies that decided to throw payroll processing over the wall and outsource it. They too should have had a plan to get proper compensation owed to employees out on time ev

  • by 93 Escort Wagon ( 326346 ) on Sunday February 06, 2022 @06:34PM (#62244147)

    Nice to see that Jeff Combs was able to land a good gig after the Star Trek stuff wrapped up.

  • This is so wrong (Score:4, Insightful)

    by battingly ( 5065477 ) on Sunday February 06, 2022 @06:48PM (#62244181)
    He has to fear retaliation for simply reporting that he hasn't been paid?
    • It's not so much "wrong" as much as the downside of a good design. It's an "at will" concept and cuts both ways.

      I know a company that just did a reorg and restructuring. In two months, 4/5 members of their dev and maintenance team left. Ops for those tools have come to a halt. Company is shocked but odd they didn't expect this if they basically blocked good raises for that group while they can get better offers outside.

      I say better design because the law can't really protect you from retaliation (also, the

    • No one likes to be told or shown that they made a mistake or have a problem. I personally HATE inconveniencing someone by being incompetent or dropping the ball due to outside circumstances. Even if it isn't my fault directly, if I am responsible for something I ultimately am to blame if something is wrong. But I would rather know about the problem so I could move heaven and earth to fix it and then make things right for those I have wronged.

      If it was their fault directly, or their fault by being the respon

  • Furthermore, they caused Cpt. Sulu's tea to spill.

  • "The timekeeping vendor Kronos that suffered the attack is in the process of coming back online," [said Josh Gelinas, Coca-Cola Consolidated's vice president of communications February 1st] in an emailed statement. "But, until these digital systems are fully restored, we must continue manually recording work hours for thousands of our teammates. This process is taking longer than we would like and may have resulted in some inconsistencies, but our teammates will be paid for every hour they've worked...."

    I remember when this was a physical card that got clock stamped and put in a rack with the other.

    • New and Modern does not mean it is better. Often technology just adds more single points of failure/illegal entry. The Cloud "Is" Secure! well until it isn't.
    • That timecard was then collected by payroll. The time was added up on a "calculator", and multiplied by the hourly wage. This was then entered into a large book with lots of lines called a ledger. The payroll employee then wrote out a check to the employee in the correct amount, and stamped it with the CFO's signature.

      But this is the 21st century, and that calculator does ALL the work now.
  • auto deducts the wages immediately from the distributor's bank account. The distributor is out their money and their employees did not get paid. The distributor is also out all the payroll taxes owed because Kronos probably pays the government their cut also. And when the government comes knocking they're not going to Kronos, they are going direct to the distributor. This business will pay a price for choosing the wrong payroll cloud service vendor. Who falsely advertised secure cloud payroll services.
    • by MeNeXT ( 200840 )

      The withdrawal happens after the payroll is calculated. If they can calculate the payroll to make the withdrawal, then they can easily make the payment to the employees. It seems to me that they weren't adequately backed up to completely recover and they are now manually recreating the registers.

      Most never test back up recovery until some emergency. Some are lucky and everything works. The horror stories we hear about are those that never tested and unlucky. I bet Kronos had no contingency plan on recovery f

  • One of the biggest golden rules I had hammered into me by business owners and managers over the years is DO NOT FUCK WITH PEOPLE'S PAY. PAY IT ON TIME EVERY TIME AND PAY IT CORRECTLY

  • According to a July 31, 2018 report by the Standing Senate Committee on National Finance, which was chaired by Senator Percy Mockler, the Phoenix system was an "international embarrassment". It had "failed to properly pay nearly half of Canada's workforce of public servants, representing 153,000 people." MULTI YEAR FAILURE!!!
  • While it isn't always practical to kill the perps that should not be off the table.

    Humans only respect credible threats and exemplary application of brutality, so brutal options should always be in the toolbox. What we have the power to do should not know "moral" restraint against enemies outside morality for in their case conventional morality is weakness. Laws exist to manage beasts and when they become an impediment should be selectively discarded. Only victory matters, not enemy lives.

    • While it isn't always practical to kill the perps that should not be off the table.

      The criminals responsible for not paying the employees are the executives of the company. It's their responsibility to come up with an alternate system of paying wages in a timely fashion. It's outright illegal not to pay wages, and it's generally illegal to fire employees for complaining, stating that they will file a complaint, or filing a complaint with their labor board.

      I think killing the execs is a little extreme, let's just seize their assets.

  • by geekmux ( 1040042 ) on Monday February 07, 2022 @04:44AM (#62245197)

    "The reality, however, is that more than half of all ransomware victims are small businesses and individuals. And, unfortunately, they are usually not as well prepared to deal with the problem as larger organizations..."

    While this statement may be true, it's reduced down to little more than a bullshit excuse when speaking about companies like Coca-Cola and UKG (makers of Kronos timekeeping).

    UKG is not a "small" business by any definition. Hell, if ADP were "Coke", they are "Pepsi" in this space, so here's a relevant question a month later when companies are still managing payroll manually; how many UKG executives went without a paycheck, or is this when one of the world's largest "dog food" providers is forced to admit they don't eat their own dog food...

  • A leader would just average the three last months and pay this per default until the systems are back online and the backlog can be worked.

    At least I would do that. But then again, it isn't news that my asperger ass is too pragmatic and not sociopathic enough to be in management.

    What I do not understand is how a whole citizenship has been tamed and trained to take this without doing more than complaining.

    Granted, I am currently looking for a job from the foundation of ongoing employment in a dried up marke
