Cargill Settles Class-Action Suit Over Kronos Ransomware Attack, Pays $2.4 Million to Employees

In a significant development, a federal judge approved a $2.4 million settlement on Wednesday for a class-action suit between food corporation Cargill and a group of current and former employees. The employees alleged that Cargill failed to pay them for all hours worked following the 2021 Kronos ransomware attack. The settlement, in the case of Futrell v. Cargill, comes after employees filed the suit in April 2022, citing pay discrepancies resulting from the Kronos attack on Cargill’s timekeeping and payroll systems.

Background

The Kronos ransomware attack caused widespread disruptions to Cargill’s operations, including its timekeeping and payroll systems. The attack resulted in significant pay discrepancies for employees, leading to the class-action suit. The suit specifically highlighted Cargill’s failure to pay nonexempt hourly workers and salaried employees their full overtime premium for overtime hours worked.

Allegations made in the lawsuit

According to the lawsuit, Cargill neglected to fully compensate employees for all hours worked, which is a violation of labor laws. The failure to pay overtime premiums to nonexempt hourly workers and salaried employees added to the grievances outlined in the suit.

Settlement terms

Under the terms of the settlement, Cargill has agreed to pay all underpaid collective members a proportional amount of the unpaid wages as liquidated damages. Additionally, nonexempt employees who worked in New York will receive an additional flat rate payment, while employees who were overpaid during the Kronos outage will also receive a per-person payment.

Ongoing fallout from the Kronos outage

Cargill is not the only employer facing litigation over its handling of the Kronos outage. The incident’s fallout continues to settle almost two years after the Kronos Private Cloud platform outage. In September, the University of Massachusetts Memorial Medical Center agreed to a $1.2 million settlement of wage-and-hour claims resulting from the breach. This ongoing litigation highlights the enduring impact of the Kronos attack on businesses and their employees.

Impact on HR departments

The Kronos outage created chaos for numerous HR departments, particularly during the critical 2021 holiday season. In the absence of functioning timekeeping and payroll systems, many HR departments had to resort to manual time sheets or duplicate payrolls from earlier pay periods to ensure workers could be paid on time. Such makeshift solutions further highlight the severe disruptions caused by the ransomware attack.

Employer Reactions and Future Use of Kronos

Despite the challenges posed by the Kronos attack, multiple employers interviewed after the incident expressed their intention to continue using Kronos and its parent company, UKG. Employers cited the company’s range of capabilities and the potential expense of finding an alternative as reasons for sticking with the system. The decision to remain with Kronos underscores the complex considerations involved in choosing and transitioning to a new platform.

Settlement by UKG

In addition to Cargill, UKG, the company that owns Kronos, also faced pressure to settle with affected employees. The outcome of this settlement is not explicitly mentioned in the current report, but it highlights the broader impact of the Kronos attack on businesses and their responsibility to address the grievances of their employees.

The $2.4 million settlement reached between Cargill and its employees is a significant milestone in addressing the pay discrepancies resulting from the Kronos ransomware attack. The case sheds light on the importance of safeguarding timekeeping and payroll systems against cyber threats to protect employee rights. As businesses increasingly rely on digital platforms, the incident serves as a reminder of the need for robust cybersecurity measures and proactive response strategies to mitigate the impact on employees and overall business operations.
