Thursday, March 28, 2024

Data of Puma Employees Stolen in Kronos Ransomware Attack

Data of 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit HR management platform Ultimate Kronos Group (UKG).

Identified on December 11, the attack targeted Kronos Private Cloud, a service on which UKG runs applications such as Banking Scheduling Solutions, Healthcare Extensions, UKG TeleStaff, and UKG Workforce Central.

Kronos immediately launched an investigation into the attack and last month discovered that Puma was one of the customers impacted by the incident.

“Regrettably, this letter is to inform you that we were recently the victim of a ransomware attack that involved some of your personal information, which was provided to us in connection with the services we provide to PUMA,” UKG says in a notification letter sent to the impacted individuals.

In its letter, Kronos informed the affected individuals that the malicious actor behind the attack had access to its cloud-based environment before deploying the ransomware.

“Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition,” the company said.

Kronos says it confirmed the theft of personal data on January 7, 2022, and that Puma was notified of the incident on January 10.

The company also says it has taken the necessary steps to ensure it can prevent similar incidents, by strengthening the security of its IT systems and implementing expanded scanning and monitoring capabilities.

In a filing with the Maine Attorney General’s Office, UKG revealed that potentially exposed data includes names, Social Security numbers, and other personal information.

Recommended:  Silver Peak addresses three-pronged RCE exploit in Unity Orchestrator

You may also enjoy reading, The largest DDoS to date, Microsoft mitigates a 3.47 Tbps DDoS attack

Got to Cybersecurity News

Go to Homepage

Go to Cybersecurity Academy

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
ClosePlease login
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

User Avatar
Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security