Kronos hackers stole personal info of Metro-North workers, MTA says


Ransomware hackers who breached the community of MTA timeclock supplier Kronos made off with the personal data of a number of present and former Metro-North workers, transit management mentioned Thursday.

“Kronos recently informed us that some files containing personal information of some current and former MTA employees at one of our agencies – Metro-North Railroad – were accessed by the perpetrators of this ransomware incident,” MTA Chief Administrative Officer Lisette Camilo mentioned in an e-mail to the authority’s roughly 70,000 workers.

“The information accessed did not include Social Security numbers, driver’s license numbers, bank or other financial institution account numbers, or biometric information,” Camilo’s e-mail mentioned. “At this time, Kronos has no evidence that the personal information of any other MTA employees was accessed.”

The MTA has organized with Kronos and its mum or dad firm to supply all present and former workers two years of free credit score monitoring and id theft safety, the e-mail mentioned.

The back-end of the MTA’s high-end timekeeping system went darkish Dec. 13 after Kronos skilled the ransomware assault over the earlier weekend.

MTA Chief Administrative Officer Lisette Camilo
MTA Chief Administrative Officer Lisette Camilo despatched an e-mail to over 70,000 MTA workers informing them of the information breach.
Paul Martinka

Workers should nonetheless swipe out and in of work utilizing the Kronos clocks, because the native {hardware} continues to perform — although some staff are unable to obtain greater than 40 hours of wages per week and are primarily working time beyond regulation for an IOU.

MTA officers rolled out Kronos authority-wide about two years in the past after The Post uncovered allegations of time beyond regulation abuse following a collection of exposés on Long Island Rail Road staff pulling in enormous paychecks.

The “biometric” clocks require staff to swipe out and in of work, and scan their fingerprints after they achieve this — one thing consultants employed by the MTA mentioned would forestall and catch fraud.

Transit officers mentioned the leaked knowledge included “names and dates of birth” and that the MTA “has taken initial steps to enforce its legal rights.”

“The MTA is working to ensure that Kronos takes all steps necessary to address this incident and to safeguard the data of MTA employees going forward,” MTA spokesman John McCarthy mentioned in a press release. “The MTA will monitor Kronos’ progress and continue to require affirmative steps be taken to address the regrettable impact of the current cybersecurity attack.”

Comments are closed.