NYC transit worker alleges OT violations stemming from Kronos outage

Dive Brief:

A New York City transit employee has alleged in a putative collective action that the employer improperly withheld overtime pay during a recent widespread outage of payroll and timekeeping system Kronos.
The suit, filed Jan. 26, claimed the Metropolitan Transit Authority shifted to internal payroll practices when a ransomware attack took down the UKG system. The employer ensured that workers received their straight-time pay but it "decided to arbitrarily withhold the earned overtime wages of its employees who were paid through Kronos' payroll processing services," the suit said, alleging a willful Fair Labor Standards Act violation.
The lawsuit also claimed the problem, which began in mid-December, isn’t yet resolved: "As of the date of filing the within Complaint, Defendants have not yet resumed using Kronos for payroll services. It is unknown when, if ever, Defendants will resume its reliance upon Kronos payroll services, and the FLSA Plaintiffs are just expected to wait for their earned overtime wages." An MTA spokesperson told HR Dive the employer does not comment on pending litigation.

Dive Insight:

U.S. Department of Labor regulations state that generally, "overtime compensation earned in a particular workweek must be paid on the regular pay day for the period in which such workweek ends." If the correct amount of overtime pay can’t be determined until after the regular pay period, employers are permitted to delay payment but no longer "than is reasonably necessary for the employer to compute and arrange for payment of the amount due and in no event may payment be delayed beyond the next payday after such computation can be made," the rules state.

It’s unclear whether the Kronos outage and employers’ responses will ultimately result in any wage and hour liability for employers, but sources speaking to HR Dive at the time of the outage encouraged businesses to move quickly to avoid such issues. While federal law may not set hard deadlines for pay, some states and cities do, they noted, suggesting employers that lost timekeeping data in the breach immediately ask employees to report their hours worked.

Separately, employers also are beginning to fulfill notice requirements associated with state data breach laws as the extent of the ransomware attack comes into focus. Puma, for example, recently notified some workers that their personal information was compromised, according to various media reports.