Numerous lawsuits have recently been filed against employers alleging violations of the Fair Labor Standards Act (FLSA) and state wage and hour laws stemming from a cyberattack on third party timekeeping vendor Ultimate Kronos Group. The cyberattack, which disabled the Kronos timekeeping system from the end of 2021 through early 2022, has given rise to allegations that hourly employees were shorted overtime pay during the outage. Employers were faulted for not having adequate timekeeping back-up plans in place and could be liable for the alleged wage and hour violations, especially to the extent that their agreements with Ultimate Kronos did not provide sufficient indemnification protections.
As cyberattacks continue, employers should take steps to put in place back-up timekeeping systems and perform due diligence overview of their timekeeping/payroll services vendors. To the extent not already done, employers should insist on strong indemnity clauses in contracts with such vendors.