Sainsbury’s Payroll Disrupted By US Ransomware Attack

Sainsbury’s payroll disrupted by ransomware attack on US cloud services provider Ultimate Kronos Group, but promises to pay staff before Christmas

Sainsbury’s has acknowledged it is one of the businesses hit by a ransomware attack on a major US provider of cloud payroll systems.

The supermarket chain lost a week’s worth of data for its 150,000 UK employees, The Mirror reported.

Companies such as Sainsbury’s rely on services from Ultimate Kronos Group (UKG), based in Lowell, Massachusetts and Weston, Florida, to log staff hours and calculate pay.

Sainsbury’s said staff would be paid before Christmas.

HSBC, security, hacking, kronos, ransomwarePayroll data

It said departments including payroll, human resources and accounting were using historical data and working patterns to ensure accurate and timely payment.

“We’re in close contact with Kronos while they investigate a systems issue,” Sainsbury’s said in a statement.

“In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay.”

Kronos acknowledged the ransomware attack last Monday, after noticing “unusual” activity the previous Saturday.

It said its systems could be down for several weeks and advised its customers to “evaluate and implement alternative business continuity protocols”.


Kronos’ customers include the city of Cleveland, Ohio, New York City’s Metropolitan Transportation Authority (MTA), Tesla, MGM Resorts International, Whole Foods, Honda North America and hospitals across the US. Honda UK is reportedly not affected.

The attack affects Kronos Private Cloud, a cloud data storage offering for several of the company’s services, including UKG Workforce Central, used by employees to track hours and schedule shifts.

Kronos said after detecting the attack it took “immediate” action to investigate and mitigate the issue, alerted affected customers, informed authorities and is working with cybersecurity experts.

“We recognise the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services,” the company said.

In most cases staff can log hours using the offline Kronos timesheet system, but it is unclear when the systems will come back online.

Log4j vulnerability

The MTA said it had “complete confidence” staff would be paid for every hour worked.

The city of Cleveland said Kronos had alerted it last week that some sensitive data may additionally have been compromised, including staff names, addresses and the last four digits of social security numbers.

Kronos said in an FAQ page that it is “working diligently to determine whether customer data has been compromised”.

The incident occurred as organisations scrambled to patch a widespread security vulnerability known as Log4j.

Kronos said it had initiated a “rapid” patching process for Log4j and was still investigating whether the vulnerability had been used in the ransomware attack.