article featured image


Workforce management solutions provider Kronos was hit by a ransomware attack back in December 2021 that disrupted many of their cloud-based solutions for weeks.

Kronos is a human resources and workforce management company that provides cloud-based solutions for timekeeping, salaries and benefits, analytics, and other tasks. In 2020, Kronos and Ultimate Software merged to form UKG, a new organization.

The company’s software is used by many industries, including car manufacturers, educational institutions, and local governments. Some of Kronos’ clients are Tesla, Temple University, Community Bank, the San Francisco Municipal Transit Authority, and Puma.

Puma Suffers the Consequences

Now, as per BleepingComputer, we found out that the German multinational corporation that designs and manufactures athletic and casual footwear Puma suffered a data breach following the ransomware attack on Kronos.

According to the data breach notification filled with several attorney generals’ offices earlier this month, the malicious actors also stole confidential data belonging to Puma personnel and their dependents stored on the Kronos Private Cloud (KPC) cloud environment before encrypting it.

What Is KPC?

Kronos Private Cloud (KPC) is characterized by UKG as a secure storage and server facility housed in third-party data centers. This infrastructure is where their Workforce Central, Workforce TeleStaff, TeleTime IP, Enterprise Archive, Extensions for Healthcare (EHC), and FMSI environments are hosted.

Following the incident, a Kronos client affected by the cyberattack told BleepingComputer that they had to start using paper and pencil to cut checks and track timekeeping.

The Damage

Since the attack was discovered, Kronos has been conducting a comprehensive review of the impacted environment to determine whether any individual’s personal information was subject to unauthorized access or acquisition.

On January 7, 2022, Kronos confirmed that some of your personal information was among the stolen data. We notified PUMA of this incident on January 10, 2022.


While the breach notification does not clarify how many Puma employees’ private data was compromised during the attack, details provided to the Maine Attorney General’s Office discloses that the threat actors managed to access and steal the information of 6,632 people.

According to Puma, Social Security Numbers were also stolen during the ransomware attack.

People who were impacted by this data breach were given two years of free Experian IdentityWorks membership, which includes credit monitoring, identity restoration, and identity theft insurance.

According to BleepingComputer, the attackers also managed to steal source code for an internal Puma application in August and sold it on the Marketo data leak portal. Robert-Jan Bartunek, the head of Puma’s corporate communications, confirmed the cyberattack.

How Can Heimdal™ Help?

Data breaches are very common nowadays and system vulnerabilities usually facilitate hackers’ infiltration. That is why a system should be always updated and have the latest patches applied. But what do you do if you cannot keep always track of what patches need to be applied? You use an automated Patch Management Solution.

Heimdal has this solution and it’s very efficient because it really saves you time. You will always have control over your software inventory, enabling patch management from anywhere in the world. What’s even cooler is the vendor to end-user waiting time, this means that in less than 4 hours the released patches, tested and repackaged, are available in your Heimdal cloud for deployment. Find more on our website!

If you liked this article, follow us on LinkedInTwitterFacebookYoutube, and Instagram for more cybersecurity news and topics.

Author Profile

Antonia Din

PR & Video Content Manager

linkedin icon

As a Senior Content Writer and Video Content Creator specializing in cybersecurity, I leverage digital media to unravel and clarify complex cybersecurity concepts and emerging trends. With my extensive knowledge in the field, I create content that engages a diverse audience, from cybersecurity novices to experienced experts. My approach is to create a nexus of understanding, taking technical security topics and transforming them into accessible, relatable knowledge for anyone interested in strengthening their security posture.


Oh my, that’s not good. Was it a sneak attack.

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo