The next two paychecks Ingredion employees receive will be subject to wage deductions, after a malware attack struck the company’s computer servers and hardware.
Ingredion on Nov. 22 distributed “overpayment acknowledgment and wage deduction authorization” forms to employees, a copy of which The Gazette reviewed, outlining company plans to subtract sums from employees’ Dec. 6 and Dec. 20 paychecks.
The notification says Ingredion issued employees a “generic” payment for 108 hours worked during its Oct. 7-20 payroll period, after announcing it had detected “suspicious activity” Oct. 12 affecting several servers in certain data centers.
Ingredion also faced “configuration problems” stemming from the cyberattack for its Oct. 21-Nov. 3 payroll period, and issued a mispayment for the Nov. 4-17 period, too, the form says.
The company indicated in its form it hoped to make the final deduction on the Dec. 20 paychecks so it could accurately issue 2019 W-2 wage reports in a timely manner.
The form The Gazette reviewed showed one employee owed Ingredion an overpayment of $1,032.
Though the form asks for employees’ signatures in acknowledging that the wage deductions are “knowing and voluntary,” Ingredion noted that employees are “entitled to the underpayment regardless of whether (they) sign this authorization.”
“This amount will not reduce my wages below that of the minimum wage,” the form continues.
ARTICLE CONTINUES BELOW ADVERTISEMENT
Employees who leave Ingredion before their overpaid total is collected in full could see the balance owed taken out of any final compensation due, including from salary or unused vacation time, the form says.
Upon detecting the suspicious activity, Ingredion “immediately took steps to identify and contain the situation,” according to an Oct. 15 company statement.
This involved taking certain systems offline as the company worked to investigate the impact to its data centers’ servers, Ingredion spokeswoman Becca Hary said in an email to The Gazette Friday afternoon.
Ingredion conducted payroll manually for hourly employees in Cedar Rapids, using a calculation based on average hours previously worked, and now is working on future payroll modifications to reflect the actual hours worked, she said.
“We’re working through this process carefully with our hourly employees to ensure this is addressed before the year end,” Hary said. “While the systems incident was unfortunate, we believe the steps we have taken to protect our information and treat our employees fairly are equally important.
“This is why we communicated our actions to impacted employees right away and ensured timely payroll delivery.”
Ingredion enlisted a third-party consultant for help in getting its affected servers back online and to assist its I.T. team in investigating the malware attack.
Through that investigation, the external security vendor detected and began working to address another strain of malware on Ingredion’s systems, the company wrote in a Nov. 19 filing with the U.S. Securities and Exchange Commission.
ARTICLE CONTINUES BELOW ADVERTISEMENT
That strain “could present a risk to individuals who use Ingredion systems to access personal accounts or who have stored personal credentials on their Ingredion system,” such as to conduct personal banking or e-commerce transactions on a work computer, the filing says.
However, the company added, it is not aware of evidence that any employee’s personal or Ingredion business information was misappropriated.
Of the upcoming pay periods, Hary said, “We are confident we can work through the necessary adjustments with our employees, and we truly appreciate their understanding during this process.”
The Westchester, Ill.-based company manufactures food ingredients at its Cedar Rapids facility.
Comments: (319) 398-8366; email@example.com