Ransomware
Supply Chain
UKG / BleepingComputer / SHRM / Reuters
Primary Source
Incident Details
Ransomware struck the Kronos Private Cloud operated by UKG (Ultimate Kronos Group) on December 11, 2021, taking down workforce management and payroll processing systems used by thousands of large employers including hospitals, municipalities, universities, and retailers. UKG took the Kronos Private Cloud offline for weeks, causing widespread payroll disruption across hundreds of organisations during the holiday pay period. Affected customers included Tesla, PepsiCo, Whole Foods, Honda, Puma, NYC transit, and major US hospital systems. Some employees received incorrect, delayed, or no paychecks. Full restoration took up to two months. The incident triggered numerous class-action lawsuits against UKG from affected employees. Puma employee data (6,632 individuals) was confirmed stolen and reported in a Maine AG notification. UKG did not publicly name the ransomware variant; some reports attributed it to a variant related to the BlackCat/ALPHV group.
Technical Details
- Initial Attack Vector: CWE-506: Embedded Malicious Code (ransomware; attack vector not publicly disclosed by UKG)
- Vendor / Product: UKG Kronos Private Cloud
- Supply Chain Attack: Confirmed third-party / vendor compromise
Timeline
- 2021-12-11 Breach occurred
- 2021-12-13 Publicly disclosed
- 2021-12-13 Customers notified