Sainsbury’s payroll hit by cybersecurity incident

Sainsbury’s was recently thought to be one of many businesses in the UK and the United States affected by a cyberattack on its payroll systems provider.

Two weeks before Christmas, Kronos disclosed it had suffered a ransomware attack, affecting its computer systems. Sainsbury’s uses Kronos for collecting, storing, and processing the hours worked by its employees.

In a ransomware attack, cybercriminals gain access to a computer network and then steal data or block access to it. The criminals then demand a ransom, either to restore access to the data or in return for not selling or leaking it. In many cases, the data is sold or leaked anyway, even when a ransom is paid.

Due to the Kronos attack, it is believed Sainsbury’s lost a week’s worth of payroll data for its 150,000 employees. It is thought Sainsbury’s was able to pay all employees any owed wages before Christmas.

Cyberattack causes massive issues

As a result of the Kronos attack, multiple departments at Sainsbury’s – and undoubtedly other affected businesses – had to work through historical payroll and working patterns data to try and ensure everyone was paid correctly and on time.

A Sainsbury’s spokeswoman told the BBC: “We’re in close contact with Kronos while they investigate a systems issue.

“In the meantime, we have contingencies in place to make sure our colleagues continue to receive their pay.”

Potential for services to be offline for weeks

Massachusetts-based Kronos, part of UKG, said some systems could be offline for several weeks while it restored access to data. The business also called on its customers to implement business continuity protocols to minimise disruption while this took place.

According to reports from the United States, Honda North America were among the businesses affected. However, Honda UK, which also uses Kronos, told the BBC the ransomware attack had not impacted its payroll operations.

Speaking to the BBC, a Kronos official said: “UKG recently became aware of a ransomware incident that has disrupted the Kronos Private Cloud, which houses solutions used by a limited number of our customers.

“We recognise the seriousness of the issue and have mobilised all available resources to support our customers and are working diligently to restore the affected services.”

Kronos said action was underway to investigate, mitigate, and fix the issue and that all affected customers and the relevant authorities had been notified of the incident.
