Several LIRR union leaders are urging the MTA to drop its Kronos timekeeping system after learning that personal information belonging to an unknown number of current and former Metro-North employees was swiped during a cyberattack last month.
"As we have pleaded in the past, with your support, the MTA needs to handle its own business in-house, especially involving its employee personal information and payroll. Please assist us in delivering this message to the MTA, and gather whatever support necessary to lead us out of this epic failure," the union heads said in a letter Friday to Sen. Timothy Kennedy (D-Buffalo), the chairman of the State Senate Committee of Transportation.
Ultimate Kronos Group, an human resources management company contracted by the MTA in 2019 to install biometric clocks that track MTA employee hours, was hacked last month. At the time, Kronos said it was still trying to determine whether any data had been compromised and the MTA instructed employees using the system to continue doing so.
On Thursday, roughly 67,000 MTA employees learned that cyber perpetrators had lifted files containing personal information.
In a statement Friday, MTA Chief of External Relations John McCarthy said the "names and dates of births," of current and former Metro-North employees were accessed but added that Kronos has not found evidence that employees from other MTA agencies were affected. The MTA did not clarify how many Metro-North employees were impacted.
The MTA declined to respond to the unions’ concerns but in the statement said it was working with Kronos to continue to safeguard the data of its employees.
Anthony Simon, general chairman of the International Association of Sheet, Metal, Rail and Transportation Workers, the Long Island Rail Road’s largest union, joined with eight other unions and demanded the MTA reinstate its prior payroll operation, claiming the Kronos attack has disrupted pay and confidence in the system.
"If you didn’t know from the get-go and first told us it wasn’t a breach and now it is, how is there any trust in what you’re doing. There is no way you can guarantee our data wasn’t breached. You’re affecting people’s lives," Simon told Newsday.
"None of our members have any concern with clocking in and out, we just want a system that safeguards our personal information. We’ve earned the right to keep our personal information safe. They have not been able to guarantee that. A system that has been broken should be taken out," he continued.
In the letter, the union leaders called Kronos a "wasteful and ineffective system," and claimed Kronos is "not capable of paying our members for the hours they work or the compensation they have earned." Simon said many workers are now tasked with manually keeping track of their own overtime hours.
The agency assured employees in an email Thursday that payroll has not been impacted.
But Nicholas Peluso, the general chairperson of the Transportation Communications Union, said over a thousand workers are experiencing a lag in overtime pay and are not currently receiving differential pay for night, emergency or weekend jobs.
The ransomware attack impacted Kronos Private Cloud Solution which stores time and attendance and has not yet been restored at the MTA, Peluso said.
"For the MTA to not acknowledge that there are payroll issues is a slap in the face to every union brother and sister working throughout the MTA 24/7." Peluso said.
The letter sent to Kennedy was signed by Brotherhood of Railroad Signalmen, International Association of Machinists & Aerospace Workers, Transportation Communications Union, Brotherhood of Locomotive Engineers and Trainmen, Independent Railway Supervisors Association, National Conference of Firemen & Oilers, SEIU 32 BJ, and several other unions.
Meanwhile, Kennedy said he plans on talking to MTA acting chief executive Janno Lieber during his Senate confirmation as the agency’s head next week. "I've been discussing these serious concerns with labor leaders, and I am extremely disappointed to hear how this unreliable and ineffective system is impacting our workforce. It's clear this issue has been progressively getting worse, and needs to be addressed," Kennedy said in a statement.
The Association of Commuter Rail Employees, the Metro-North’s largest union, also demanded the MTA "return to the reliable and secure in-house payroll system that served the system well in the past," in a separate letter sent to Kennedy and Sen. Leroy Comrie (D-Queens) Friday afternoon. The Association of Commuter Rail Employers said private data for at least 7,000 Metro-North employees and retirees was compromised.