Kronos hackers stole private data of Metro-North employees, MTA says


Ransomware hackers who breached the community of MTA timeclock supplier Kronos made off with the private data of a number of present and former Metro-North workers, transit management mentioned Thursday.

“Kronos recently informed us that some files containing personal information of some current and former MTA employees at one of our agencies – Metro-North Railroad – were accessed by the perpetrators of this ransomware incident,” MTA Chief Administrative Officer Lisette Camilo mentioned in an electronic mail to the authority’s roughly 70,000 workers.

“The information accessed did not include Social Security numbers, driver’s license numbers, bank or other financial institution account numbers, or biometric information,” Camilo’s electronic mail mentioned. “At this time, Kronos has no evidence that the personal information of any other MTA employees was accessed.”

The MTA has organized with Kronos and its father or mother firm to supply all present and former workers two years of free credit score monitoring and id theft safety, the e-mail mentioned.

The back-end of the MTA’s high-end timekeeping system went darkish Dec. 13 after Kronos skilled the ransomware assault over the earlier weekend.

MTA Chief Administrative Officer Lisette CamiloMTA Chief Administrative Officer Lisette Camilo despatched an electronic mail to over 70,000 MTA workers informing them of the information breach.Paul Martinka

Workers should nonetheless swipe out and in of labor utilizing the Kronos clocks, because the native {hardware} continues to perform — although some employees are unable to obtain greater than 40 hours of wages per week and are basically working extra time for an IOU.

MTA officers rolled out Kronos authority-wide about two years in the past after The Post uncovered allegations of extra time abuse following a sequence of exposés on Long Island Rail Road employees pulling in large paychecks.

The “biometric” clocks require employees to swipe out and in of labor, and scan their fingerprints after they accomplish that — one thing consultants employed by the MTA mentioned would forestall and catch fraud.

Transit officers mentioned the leaked knowledge included “names and dates of birth” and that the MTA “has taken initial steps to enforce its legal rights.”

“The MTA is working to ensure that Kronos takes all steps necessary to address this incident and to safeguard the data of MTA employees going forward,” MTA spokesman John McCarthy mentioned in an announcement. “The MTA will monitor Kronos’ progress and continue to require affirmative steps be taken to address the regrettable impact of the current cybersecurity attack.”

Comments are closed.