YU’s Payroll Time Entry System, Kronos, Experiences a Cyber-Security Breach

By: Mili Chizhik  |  December 13, 2021

By Mili Chizhik, News Editor

Earlier this afternoon, Dr. Sara Asher, Beren campus’s Assistant Dean of Students, forwarded an email from YU’s Chief Human Resources Officer Julie Auster to Beren campus students regarding a breach in security in their third-party payroll time entry system, Kronos.

In her December 13, 2021 email, Ms. Auster described the shutdown that would temporarily affect the “ability to access Kronos and record time.” She went on to clarify that this “is a cloud-based system that is not managed by YU. Fortunately, our Kronos information does not contain social security numbers or dates of birth, and we have no reason to believe confidential information of YU students or personnel would have been affected.”

Regarding the pay periods that were affected, the bi-weekly and semi-monthly pay periods of 12/10 and 12/15, respectively, were not affected. Although, as described in the email, they “are preparing for the possibility that this may affect our ability to generate payroll for the 12/23 pay period…if the Kronos entry system is not up by the time we need to process the payroll.” 

The YU office which manages payroll operations is working with Kronos to figure out the scope of the situation and to fix the situation. Furthermore, the email described that the employees who work hourly and have standard hours will be paid normally for their 12/23 payroll that is issued bi-weekly. Of those who worked overtime and employees that do not have standard hours and input their hours on an irregular basis, such as student jobs (i.e. peer tutors, teaching assistants, writing center tutors, etc.), YU has yet to figure out how to pay them and stated that they “will send out instructions on how to account for hours as soon as possible.”  

At the end of her email, Ms. Auster recommended to all who have questions to email payrollservices@yu.edu

This cyber-security issue came almost 8 months after a major security breach and just days after the alert sent by YU’s ITS department on December 8th, 2021 regarding the phishing and spam emails that many students received. An example of a suspicious email that was attached to the alert from ITS contained the following: “Dear Student, I’m offering a personal assistant position that pays $750 weekly. Several attempts to email you at your edu email keeps returning back due to the length of the job description kindly provide a Non-Edu email address where I can forward job details – hours and pay if you are interested.”

The ITS department explained to students that they must be aware of any suspicious messages that they receive and to verify the addresses that the emails are sent from. Similarly, if there is an “External Flag” on any email that comes from YU faculty or staff, even if “it comes from yourself”, one must not open it or reply. Additionally, if the reply email is not the email in the reply-to, one should also treat it as spam and should never open any attachments or links from these emails. With any suspicious emails, they should be forwarded to abuse@yu.edu. With any further questions or concerns, please email helpdesk@yu.edu, call 646-592-4357, or dial 4357 or 6123 from Microsoft Teams.