A ransomware attack that targeted the Long Island Rail Road’s employee timekeeping system could force some workers to wait up to 10 months to receive overtime pay, according to union leaders.
The Kronos biometric time clock system used by 67,000 Metropolitan Transportation Authority workers was put back in service earlier this month after being down since December from the cyberattack. But problems still linger, as the transit agency works to process overtime claims that had to be recorded manually for three months.
In a letter to MTA chairman and CEO Janno Lieber last week, the heads of seven LIRR unions said there are at least 13,000 time claims from railroad workers yet to be paid.
The figure, which union officials said came from LIRR payroll manager reports, includes claims for overtime shifts, family and medical leave, and night differential pay. The unions noted that the unprocessed claims are also affecting the pension earning of employees who recently retired, or plan to do so.
With such a backlog, the unions estimate that some workers won’t be paid until October.
“It is outrageous and unreasonable to ask your essential employees to wait that amount of time to be paid for earnings which are rightfully owed,” union leaders wrote. The letter was signed by union leaders including Anthony Simon, general chairman of the International Association of Sheet Metal, Air, Rail and Transportation Workers; Nicholas Peluso, national representative for Transportation Communication Union, and Michael Sullivan, general chairman of the Brotherhood of Railroad Signalmen.
In a statement, MTA spokesman David Steckel said the authority agrees “that employees should be paid accurately for the important services they provide to New Yorkers.”
“ … The MTA is working to reconcile hours worked during the regrettable Kronos global system disruption, so that full payment for overtime hours can be made as rapidly as possible,” Steckel said.
In July 2019, the MTA spent $23.75 million on the Kronos biometric time clock system, which was meant to address potential overtime fraud by requiring workers to scan their fingers when they arrive and leave work. The system was almost immediately besieged with problems, including when the COVID-19 pandemic led to the MTA banning finger scanning because of sanitary concerns.
The ransomware attack on the system also compromised workers’ personal information, including the names and birth dates of some Metro-North Railroad workers, MTA officials have said.
Representatives with Ultimate Kronos Group, or UKG — the company behind the time clock technology — did not respond to a request for comment. The ransomware attack targeted Kronos users throughout the United States, including PepsiCo and Tesla.
MTA Board member Vincent Tessitore Jr. raised the Kronos issue at a railroad committee meeting on Monday, calling it a “tremendous concern” for railroad laborers.
“It’s really affected the lives of a lot of represented employees, and management alike — because they’re going out of their minds trying to fix it,” Tessitore said. “We can’t forget what Kronos did to us and how they failed us.”
Tessitore said he recently spoke with new LIRR interim president Catherine Rinaldi about the issue, and believes “she’s definitely going to help us with speeding up” a resolution.