Kronos hackers stole personal info of Metro-North workers, MTA says

Ransomware hackers who breached the network of MTA timeclock provider Kronos made off with the personal information of several current and former Metro-North employees, transit leadership said Thursday.

“Kronos recently informed us that some files containing personal information of some current and former MTA employees at one of our agencies – Metro-North Railroad – were accessed by the perpetrators of this ransomware incident,” MTA Chief Administrative Officer Lisette Camilo said in an email to the authority’s approximately 70,000 employees.

“The information accessed did not include Social Security numbers, driver’s license numbers, bank or other financial institution account numbers, or biometric information,” Camilo’s email said. “At this time, Kronos has no evidence that the personal information of any other MTA employees was accessed.”

The MTA has arranged with Kronos and its parent company to offer all current and former employees two years of free credit monitoring and identity theft protection, the email said.

The back-end of the MTA’s high-end timekeeping system went dark Dec. 13 after Kronos experienced the ransomware attack over the previous weekend.

MTA Chief Administrative Officer Lisette Camilo sent an email to over 70,000 MTA employees informing them of the data breach.
Paul Martinka

Workers must still swipe in and out of work using the Kronos clocks, as the local hardware continues to function — though some workers are unable to receive more than 40 hours of wages per week and are essentially working overtime for an IOU.

MTA officials rolled out Kronos authority-wide about two years ago after The Post exposed allegations of overtime abuse following a series of exposés on Long Island Rail Road workers pulling in huge paychecks.

The “biometric” clocks require workers to swipe in and out of work, and scan their fingerprints when they do so — something consultants hired by the MTA said would prevent and catch fraud.

Transit officials said the leaked data included “names and dates of birth” and that the MTA “has taken initial steps to enforce its legal rights.”

“The MTA is working to ensure that Kronos takes all steps necessary to address this incident and to safeguard the data of MTA employees going forward,” MTA spokesman John McCarthy said in a statement. “The MTA will monitor Kronos’ progress and continue to require affirmative steps be taken to address the regrettable impact of the current cybersecurity attack.”