UKG Kronos Private Cloud Status Updates

Additional Information Regarding Recent Cybersecurity Incident

We recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers. We took immediate action to investigate and mitigate the issue, and are working with leading cybersecurity experts. We recognize the seriousness of the issue and have mobilized all available resources to support our impacted customers. The latest details are available below.

Receive Update Notifications by Email*

Get the latest updates sent to your inbox.


Frequently Asked Questions

Read up-to-date Q&A for impacted customers.  



All UKG Kronos Private Cloud Updates



*Upon subscribing, please click the link in the confirmation email from [email protected] If you do not receive this email, please check your spam filter.

Incident Summary

On December 11, 2021, we became aware of unauthorized activity impacting UKG solutions using Kronos Private Cloud. We took immediate action to investigate and mitigate the issue and determined that it was a ransomware incident affecting the Kronos Private Cloud—the environment where some of our UKG Workforce Central, UKG TeleStaff, Healthcare Extensions, and Banking Scheduling Solutions are deployed.

It is important to note that at this time, we are not aware of an impact to:

  • On-premise (self-hosted) UKG Workforce Central customers
  • On-premise UKG TeleStaff customers
  • UKG Pro
  • UKG Dimensions
  • UKG Ready
  • UKG HR Service Delivery (People Assist and Document Manager)
  • Any other UKG products or solutions that are housed in separate environments and not in the Kronos Private Cloud

These solutions listed above remain available.

Status Update as of January 14, 2022

Dear Kronos Private Cloud Customers –

As promised, today we are providing our weekly status update on our KPC recovery efforts. We will continue to provide these updates on a weekly basis until our recovery process is complete.

KPC Recovery Progress Update

  • At this time, we are pleased to report that we have informed over 1,000 affected customers that their environments are back online and ready for them to log-in. We are ahead of schedule as it relates to our January 28 target date for restoration of all customers.
    • For those customers who are in the process of utilizing our Recovery Guides to reconcile their data and restore functionality to their solutions, we have created a series of videos that provide step-by-step instructions for each guide. These can be found on the KPC Resource Center on Kronos Community here.
  • If you have not yet been notified that your environment is ready for you to reconnect and validate, please know we're working around the clock and have a process that is working efficiently and effectively to bring remaining customers back online.
  • As we have previously communicated, you will receive updates when you reach key milestones in the recovery process (Server Recovery, Database Recovery, Application Readiness, Validation and Reconciliation). In the meantime, please feel free to reach out to your Recovery Liaison for more information.

KPC Security Enhancements Update

  • It is important to us that you understand the detailed process that we are following to get every impacted customer ready to restore connection to the KPC:
    • To ensure the security of each restored customer environment, we are following a systematic approach that requires each system in the KPC to return to operation only after it has been scanned, rebuilt (if needed), reviewed by our product teams, and cleared for operation by our security experts.
    • This meticulous approach enables us to be highly confident that we have eliminated any security threats associated with this incident before we deem a system to be clear for operation.
    • Other steps we are taking to enhance the security of each restored customer environment include assisting our customers in identifying any needed software patching specific to their environment, as well as implementing a range of system hardening measures to strengthen the defense of the KPC environment overall.
  • UKG’s corporate IT systems, including UKG’s email system, have not been affected and remain online.
  • We are only restoring individual customer environments when we have completed a rigorous process and are confident that the customer may safely reconnect.

Forensic Investigation Update

  • We also want to provide an update on the progress we’ve made on our forensic investigation into this incident.
  • Our investigation remains ongoing and we continue to work diligently with cybersecurity experts.
  • At this point in the investigation, we have identified and analyzed a relatively small volume of data that was exfiltrated by the threat actor, and have notified affected customers of these findings.
  • Any customer whose sensitive business data and/or employee data is confirmed to have been exposed as a result of this attack will be notified by UKG consistent with our obligations, and we will take appropriate steps to support these customers in protecting affected individuals.
  • When our forensic investigation is complete in several weeks, we will have additional information to provide upon request.

Thank you again for your continued patience and support as we advance our recovery process. We are encouraged by the progress we’ve made over the past week and look forward to bringing many more customers back online over the next several days.