
EMS employees warned of possible identity theft after hackers target payroll vendor

By Matthew Nuttle


HONOLULU (KITV) — Employees at the Board of Water Supply and Emergency Medical Services are being urged to monitor their credit reports after a cyber-attack targeting a widely-used payroll vendor.

According to a press release, the attack was discovered Sunday evening, disrupting Kronos Private Cloud (KPC) services, including Kronos Workforce, which is the timekeeping system used by BWS and EMS.

Both BWS and EMS said the attack does not affect customer data.

BWS employees are being advised to check their credit reports and to check for unusual activity. Officials said they immediately shut off all access to Kronos as soon as they learned of the attack.

A spokesperson for EMS told KITV4 the attack did not compromise its employees’ personal information. The agency said its employees are manually inputting their hours as they have done in the past. EMS, too, immediately shut down access to Kronos when the attack was discovered.

The attack on KPC is a ransomware attack, Kronos parent company UKG said. Officials at UKG are still working to determine “the nature and scope” of the attack.

“It’s hard to say if this is a state-sponsored actor of China or Russia, just a bored kid in another country who found a script and wanted to see what happened if he pointed at something or possibly somebody who’s just testing for vulnerabilities in systems like these,” tech expert Ryan Ozawa said.

According to Ozawa, there are advantages and drawbacks to storing information on a cloud-based system.

“The old school nerd in me would say the safest place for information is some place not connected to the internet, but that’s not realistic,” Ozawa added.

“In many cases the cloud is a preferable place to keep data and applications in part because it’s replicated and accessible from anywhere rather than in a basement to get flooded and destroyed.”

This is the second reported cyber-attack that has affected an agency in Hawaii. On Dec. 9, Oahu Transit Services – which operates TheBus and TheHandi-Van – was the target of a cyber-attack. Service to TheHandi-Van customers was severely disrupted. OTS said service was fully restored on Dec. 10.

There is no evidence the attack on OTS’ servers is related in any way to the attack on Kronos’ servers.

However, Ozawa explained more online outlaws could strike during the holidays.

“What they want is the longest amount of time with unfettered access to your system and with people taking vacations, staff levels down during the holidays, you can expect with fewer people on the I.T. crew ready to act that it’s a far more attractive time to make trouble,” Ozawa said.

Many ransomware attacks on civil infrastructure, Ozawa clarified, happen after employees open an attachment or click a link they should not have — a reminder to avoid opening suspicious emails in your inbox.


CNN Newsource
