Updates on Cyber Attack on Kronos Timekeeping System

TUE, DEC. 14, 2021

BWS Retirees and Past Employees also at Potential Risk from Kronos Cybersecurity Attack

HONOLULU – On Dec. 13, 2021, the Board of Water Supply (BWS) announced that their employees were at potential risk for identity theft due to a cybersecurity attack that disrupted the parent company of Kronos. Kronos is used by the BWS for timekeeping.

At that time, not much else was known about the attack. Since then, the BWS has identified that information on employees who worked at the Department since 2002 was also retained in Kronos. This includes retirees and former employees.

The information at potential risk is limited to the following data only: name, address, birthdate, work phone, work email address, and hourly pay. Kronos does NOT contain employee social security numbers or bank account information. Retirees and former employees are also advised to check their credit reports and be alert to any unusual or unauthorized activity.

BWS customers are NOT affected by this incident. All data stored on BWS systems are not at risk due to this incident, including BWS employee and BWS customer and account information.

If  you have further questions, please contact the BWS’s Human Resources Office by phone at (808) 748-5160 or by email at bwshr@hbws.org.

MON, DEC. 13, 2021

BWS Payroll and Employee Benefits Affected by Cyber Attack on Cloud-Based Provider; BWS Customers and Accounts NOT Affected

HONOLULU – On Sunday evening, Dec. 12, 2021, the Board of Water Supply (BWS) was notified of a cybersecurity attack disrupting Kronos Private Cloud (KPC) services, which houses solutions used by its customers, including BWS. “Kronos Workforce,” the BWS’s timekeeping system, is one of these solutions. The BWS immediately shut off all access to KRONOS.

The parent company of Kronos, UKG, took immediate action to investigate this issue. They have determined that this is a ransomware incident affecting the KPC services. They continue to work on determining the nature and scope of the attack.

BWS customers are NOT affected by this incident. However, out of an abundance of caution, BWS is advising its employees to check their credit reports and be aware of any unusual or unauthorized activity.

While not much else is known about the attack, this disruption of services comes at an unfortunate time for BWS employees as they get ready for the holidays.

Updated: 12/14/2021